Thanks for the reply. I'm fully aware of the dangers of rolling my own and want to avoid it at all costs. Is using a battle-tested Node.js library or the database's own API for encryption also dangerous?
As I understand it, it's more that scaling the company and managing the keys does become an issue if you handle those directly. Imagine explaining this stuff now to a junior dev lol. As for a database's own encryption, I would trust it as much as you trust the organization programming that database.
I manage keys with Azure since we are a Microsoft hybrid house.
No, that's fine. I'd shy away from third-party libs though, would probably use what Node.js provides out of the box. Or possibly something in the database, but I've never looked into that. Just don't roll your own crypto _library_, obviously.
I was checking out the docs for that and a few other similar solutions too. This is very true. Most of the secret managers are primarily intended for config-like data.