> there needs to be some kind of secret storage that the agent can read/write

Why not the filesystem?

I would create a local file (e.g. .env) in each project using postgres, then in my postgres skill, tell the agent to check that file for credentials.