Users give my app permissions to grab their data from 3rd party service. Each time it happens I get OAuth2 token per user, which later I use to call API.
And I must not store those tokens open.
Is it OK to encrypt tokens with just one key stored on the server (in Meteor.settings e.g.), write it in database and then get from DB and decrypt on demand? Which algorithm or function should I use? Or is there a standard solution in Meteor for this task?