I developed a small program in Python, hosted on my company's on-prem Windows server. The program involves an API call using a private token generated for me. I stored the Python source code in plain text, but I don't want my token to be stored as raw plain text, which may cause billing issues, just in case the server administrator abuses it.
My question is: how and where (ideally on the local machine) should I securely store the API key so that no one but me can access it?