What's the best way you guys feel to store integration tokens 1. Within the script 2. Global script param 3. Custom record 4. A text file in filecabinet with token secret in it 5. Netsuite API secrets

I would do 3 and use N/encode

API Secrets would be my preference, but only if you can use it within the bounds of the

https.*

requests where they're supported.

I would love to say Secrets, but they're just not portable - probably by design - which makes them really difficult to manage across accounts (Sandboxes, etc). I typically use Custom Records

We use API Secrets. Take the hit on environment issues in return for better security.