Approaches for tenant-specific secrets? #457
Description
Just curious if there is guidance on tenant-specific secrets while using this approach? If we went this route, we'd continue using Auth0 for tenant-specific logins (with nextjs-auth0), and that requires a few secrets per tenant.
The two thoughts that come immediately to mind are:
- HCP Vault Secrets (prefixed by the subdomain like the other values in Redis)
- Keeping an encryption key in a Sensitive Environment Variable and encrypting ourselves before storing in Redis
The second would require a bit more code, but I'm guessing would be cheaper and have less latency?
Any thoughts?