[IncRnd]

It's not that complex, and many products and approaches handle this properly. Keep the key out of band with the secrets. Never keep the secrets in an unencrypted form. Keying material can be composed of or accessed by what you know, what you have, and what you are. Don't store the key anywhere, either by protecting the key with a kek, shared secrets, or any one of many other workable models. In some cases private keys can be a component of the security model.

It is important to understand the threat model in order to place the appropriate mitigations into the security architecture.

[idealmedtech]

But how do you protect the shared secrets? Do you see my point? I wish there was some sort of industry best practice tool or book for modelling your threats and suggesting an architecture.

[IncRnd]

I gave you the overarching theory and one specific method in my comment to which you replied. PS The shared secrets I mentioned were not in that context symmetric keys but split keys.

A tool will never solve a security problem by creating an optimal design. That requires someone with security knowledge. There are threat modeling tools that can help but only when the tools are used as designed.