Currently, some keys live in the rCORE repository. These keys are all either inactive outside the cluster or imply no elevated level of access, but we will have some keys in the future which do not have these properties (e.g., stripe API keys, S3 API keys) and it would be nice to have stronger technical access barriers to even the useless/inactive keys: a design intern working on the instances portal can't use client.key, but also shouldn't have access to it.
For now, I'm going to make a separate key store and have rCORE contain "development" credentials. In production, it will deploy to point at the production keystore instead.