Can I store secret encryption keys in app_metadata?

In my application, I’m going to be storing sensitive data that I want to encrypt. Since I want to delegate the security responsibility to Auth0, I thought about creating a unique encryption key for each user and storing it within Auth0 app_metadata.

Is storing secrets such as encryption keys in app_metadata recommended and/or supported by Auth0?

Yes, you can pass any information in user_metadata as the whole user info object will be encrypted already, so no need to worry about encryption. Your data will be safe and secure. Info like this should be stored in the user’s app_metadata, not the user’s user_metadata.

2 Likes

Teamwork makes the dreamwork! Thanks for sharing knowledge @Irenehicks !