You could use a variant of the encrypted tenant options; see this post.
So you start with a tenant option using a key with the credentials. prefix. But this value would still be accessible by other microservices, so to prevent this, you could just encrypt the tenant option value using the microservice’s bootstrap password (or some other secret which is only known to the microservice). That way only the intended microservice would be able to read and decrypt the value.
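The approach described above, sketched as an added example that is not part of the original post or any platform SDK: the value is sealed with AES-256-GCM under a key derived from the microservice-only secret before it is written to the tenant option. The function names, the `v1` format tag and the binding of the option key as associated data are assumptions of this sketch; loading the secret and calling the tenant option API are left out.

```javascript
// Added example: seal a tenant option value so that only the holder of
// `secret` (e.g. the microservice's bootstrap password) can read it.
const nodeCrypto = require("node:crypto");

const VERSION = "v1"; // constructed format tag, not a platform convention

// Derive a 256-bit key from the microservice-only secret with scrypt.
function deriveKey(secret, salt) {
  return nodeCrypto.scryptSync(secret, salt, 32);
}

// Encrypt `plaintext`; the option key is bound as associated data, so a sealed
// value copied under a different option key fails to decrypt.
function sealOptionValue(secret, optionKey, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(secret, salt), iv);
  cipher.setAAD(Buffer.from(optionKey, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Stored string: v1.<salt>.<iv>.<tag>.<ciphertext>, each part base64.
  return [VERSION, ...[salt, iv, tag, ct].map((b) => b.toString("base64"))].join(".");
}

// Decrypt; throws if the secret is wrong, the value was modified, or it was
// moved to another option key.
function openOptionValue(secret, optionKey, sealed) {
  const parts = sealed.split(".");
  if (parts.length !== 5 || parts[0] !== VERSION) {
    throw new Error("unrecognised sealed value format");
  }
  const [salt, iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, "base64"));
  if (iv.length !== 12 || tag.length !== 16) {
    throw new Error("malformed sealed value");
  }
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(secret, salt), iv);
  decipher.setAAD(Buffer.from(optionKey, "utf8"));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}
```

Another microservice that reads the same option only ever sees the sealed string; without the secret, `openOptionValue` throws instead of returning data.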