Key Management secrets engine

[pdrivom]

Is your feature request related to a problem? Please describe.
Storing JWT encryption key on a server, it's not the most secure option. Using a Key Management engine, makes it safer for production setting.

Describe the solution you'd like
Use Hashicorp Vault integration for DB credentials (with auto-rotating), JWT secrets, etc.

[seapagan]

True, but it is currently acceptable for the state of the API. Bearing in mind that if you are using Netlify or similar you can store the environment variables in their secure systems anyway.

If a bad actor has access to your server, the JWT secret is only the start of your problem 🤷‍♂️

I'll convert this issue into a discussion for now and when the project is more advanced we can look at integrating it.