Users' OIDC access tokens are currently stored in plaintext in the Postgres DB. Given the sensitivity of these tokens, we would prefer if they were stored encrypted.

For our deployment, it would work fine to manage the encryption key outside of Coder in an existing secrets manager and pass it in via a file path or directly inside an environment variable.