I am creating my first app in which I want to allow multiple users to use their own api keys. For example, multiple vendors could each use their own Stripe key for their customer checkout. Right now my app is working for a single user where I have enviroment variables set on dev machine and heroku.
To develop ability for code based selection of keys, it makes sense to me that keys should be stored in database encrypted. Is this the prefered way to go? Are there any good how-tos on the subject around?