Securely storing derived key in web app and handling user identity

Securely storing derived key in web app and handling user identity

I am currently working on an open source project to securely store notes, payment card numbers, etc. I would like to implement a zero knowledge encryption method so that no one but the user can decrypt this data.

Unfortunately, I am stuck on 2 things.

1. How can I securely store the derived key in the browser? I want to avoid the situation that the user has to type the password every time he saves the data to encrypt the data before sending it to the server so I thought it would be better to keep the key (hash) in the browser and use it when saving the data. I wonder if keeping the key in session storage will be a good solution?
2. Is using a third-party service that handles login and access to user resources a good option? I'm not a security expert and I'd prefer not to create my own service for such login and resource access management, so I thought it would be safer to use external (necessarily open source) services like Zitadel or Ory.sh (maybe some of you have experience with them?). Is it a good idea for an open source project, which is supposed to be primarily secure and trustworthy, to use external services to handle logging and resource management? I browsed on GitHub how this is done for example in Bitwarden or Proton applications but as far as I can see Bitwarden and Proton have their own authentication and authorization systems.

Thank you for your help