Kong encryption key management

I am wondering about how Kong manages critical security information such as encryption keys. Plugins such as JWT stores OAuth2 Client Secrets, for example, will need a secured storage for that to support various security requirements such as HIPPA and PCI, right?