We use environmental variables which point to a standardized package configuration db and table on each of our servers. Then all of our SQL connections are in the package configuration table and use windows authentication. In production, our SSIS packages from a standard file location in SQL jobs and the SQL agent runs under a process id that has access to the necessary objects. All of our packages are also set to "Don't Save Sensitive". If we have to run a production package outside of a job, the production support person makes sure their environmental variable is pointing to the correct server and they run the SSIS package via the GUI package utility.

MWise