How to securely store 3rd party API keys directly on web server
I'm building a private web app that I plan to use between myself and a few select friends. Each of us have API keys for a 3rd party service that my web app needs to access so it can call the 3rd party service API's and return data we want to evaluate together.
Because this is a private / static web app, I don't feel the need to store these keys in a database and am hoping to store these keys directly on my web server.
If I take this route, what are the main security risks? Should I consider somehow encrypting these API keys on my web server disk and decrypting them inside my web app only when I need to use them? (if so, any guidance on this?)
I've done standard web development for a long time now, but lack terribly in my knowledge of web security. I'd appreciate any guidance or thoughts!
