As an app builder, I want to safely store secrets for end-users (on end-users' behalf) with a convenient way to monitor/manage such keys.
Why would it be useful?
It is sometimes required to store API keys to a user's tools such as storing OpenAI keys for a given user. We want to provide interfaces reminiscent of Heroku/Render/Railway/any compute env "env var" forms such that the end users can configure the values of their secrets. Many secret managers or vaults logically assume differentiation between build/deployment environments (for example staging and production). In this case, we want to organize an environment into many user scopes which can easily be monitored, managed, rotated, etc..
Additional context
To store end-user secrets, one would likely roll their own encryption setup (which I'm avoiding) or use something like Supabase Vault or some other "more flexible" user-limited secret storage mechanism where I can scope secrets to a given end-user and rotate all secrets for a given user which, however; presents another thing to keep in consideration in the overall system design that could be easier solved by just using a secret store/vault.
Feature description
As an app builder, I want to safely store secrets for end-users (on end-users' behalf) with a convenient way to monitor/manage such keys.
Why would it be useful?
It is sometimes required to store API keys to a user's tools such as storing OpenAI keys for a given user. We want to provide interfaces reminiscent of Heroku/Render/Railway/any compute env "env var" forms such that the end users can configure the values of their secrets. Many secret managers or vaults logically assume differentiation between build/deployment environments (for example staging and production). In this case, we want to organize an environment into many user scopes which can easily be monitored, managed, rotated, etc..
Additional context
To store end-user secrets, one would likely roll their own encryption setup (which I'm avoiding) or use something like Supabase Vault or some other "more flexible" user-limited secret storage mechanism where I can scope secrets to a given end-user and rotate all secrets for a given user which, however; presents another thing to keep in consideration in the overall system design that could be easier solved by just using a secret store/vault.