We have a multi tenant application that interact with third party apis. These services are setup in such a way that we need to keep track of each user API key in order to access it.

Currently we are storing those in the database so that we can retrieve them for when we need them.

I have looked into .net core user secrets but this seemed to be geared around application secrets such as the database connection string.

We want this to be hands off as the clients can sign them self up. As part of the user settings they can enter the API keys and we store these in the database.

What would be the best way to store these.