Hello @Ayyyyybeeeee,
Thank you for reaching out. Key management for a specific application is often determined by the overall level of security the application requires. We touch on this a bit in our discussion of database key material and selection [1]. Note, the key material should never be hardcoded within the application.
There is a Secret Manager provided by ASP.NET Core [2], however, it is only intended for development purposes as credentials are stored in plaintext within a user profile directory. There are cloud-based solutions as well such as Azure Key Vault [3], and AWS Systems Manager Parameter Store [4]. Another approach is to require the end-user to provide the key material on demand. Ultimately, you will need to weigh the level of security the application requires when determining your key management strategy.