How to pass credentials to a Panel app in a somewhat secure way?

I’m using Panel behind Jupyter Server Proxy as part of a larger web application, which allows connecting to a user-specified database somewhere in the cloud presumably.

Currently the database URL, including credentials are passed to Panel as query parameters and accessed using pn.state.location, but passing credentials in the URL is bad practice because they can end up in log files and shared inadvertently.

What other mechanisms does Panel have for receiving parameters? POST, cookies, localstorage, anything. I could not find it in the docs but maybe I’m looking wrong.