Encryption will be the best approach to hide the information. Why the connection string kind of information stored in webconfig in, there is no need to compile the code again if its changed and its ease to access globally. If Encryption/Decryption method is followed be extra care while you changing the userid and password in the string.
And for example you can refer
this article [^] . It may help you :)