Adding a second node adds complexity. You will need to store the credentials for that one too.. plus storing the key in clear text in the database is just a more complex way than storing it in a file. Asking the key on startup sounds OK but when updating the key (during password recovery), all existing passwords now become invalid as they cannot be re-encrypted. Thanks for the ideas.