- Autogenerate the encrypted key but only when requested
- Generate the new key as part of the secret token initializer
- Add additional config check during ldap secrets edit
- Ensure that the provided input is valid yaml, and is a hash