I'm developing an Authorization Server as a side project where the flow is very simple: an application owner register its application to the Authorization Server, the Authorization Server then generates a random key and stores it; later when users will desire to register to the Application they'll instead register to my Authorization Server that will generate for them JWT signed with the application-related secret keys. Now I'm wondering what would be the best place where to store the secret keys realted to each applications: I know that in cloud I could use a Secret Manager service (like the one provided by AWS), but if I don't want to launch my service on cloud? What would be a scalable and secure storage where to keep the pairs of "applicationId":"secretKey"?
Since now I could have thought to storing the keys in a database but would be as bad as storing plain-text password for the users, so I discarded this option.