Credential Security

I wanted to solicit suggestions from the community on what the best practices are for storing cloud credentials in shinyapps.io so that is is accessible to your shinyapp. Is it best to keep most of them directly on shinyapps.io? Or perhaps store almost all the credentials on a remote locations and pull them in during application compilation?

What is the best balance with respect to security and ease of execution?

Thanks,
Santosh