There's no pre-built solution on CPAN because there are two possible cases:

1. You have a storage location that is more secure than your database
3. You don't have such a location

In case 1) you can just store the keys there, the rest is a SMOP (small matter of programming)

In case 2) you're lost anyway. Even if you obscure the keys in a very clever way, you'll still have code that reverses that process (otherwise you couldn't access the keys).

Now if somebody has access to your database, he will probably have access to your code as well, make a copy of it, and dump the keys after the deobfuscation.

So anything that is in the case 2) just gives a false sense of security, and is IMHO not worth considering.