This seems to be a bad plan from the start. Writing passwords anywhere should be avoided. Anyone who can read the code that reads the password can probably just read the password for themselves.
A few questions:-
Why would your application need to know the password? Does it become the account for certain actions?
Could you not set up sudo access to allow people to become the account when they need to? This is auditable too.
Is this a database account or something? You may be able to define it as authorised externally to the database, i.e. the DB trusts the OS validation.
How would you use the password anyway?
It just seems a bad plan to me (sorry) and we may be able to find a better way that maybe even negates the need to have it changed regularly (i.e locked for password login entirely) so saving the Access Management team a task too.
I'm just confused and want to avoid building a service with exposures.
Robin