If a developer needs to store sensitive API keys for a third-party integration at ABC News, how would you design a secure workflow for them?