Static tokens aren't the safest way to handle them (although they could be updated via ssh). This probably isn't urgent as it's quite common for tokens with this amount of entropy to be used for long.
However, we should probably indeed stop storing those tokens in plain text. Perhaps argon2id will do?