How are we securely storing service account passwords used for database connectivity?
Does TDM support(feature/integrate) Hashicorp-vault ?

All supported releases of TDM

By default, connection profiles are stored in the gtrep repository database, and the passwords are encrypted.

As for integration with Hashicorp-vault, connection profiles can use custom security plugin. We can leverage Vault APIs to get the password at runtime. For more information, see Security Plugins in the TDM documentation.