Ironically, the passphrase for the encryption wouldn’t be encrypted in this scenario as claims can be decoded from the token payload if intercepted. It would also probably be stored as-is server side as well. Claims aren’t designed as secrets.
Perhaps you could authorise a request to an actual secrets manager via oidc though, allowing the volume to be unlocked.
Did you see the external libraries options?
The current government hasn’t been normal by New Zealand standards. It’s risking being a one term government.
I think using LLMs with RAG (aka tools) is more useful and reliable than relying only on training data that the model does its best to represent.
For example, using a search engine to find results for a query, downloading the first 10 results as text, and then having the LLM answer subsequent queries about those sources, or another example would be uploading a document and having the LLM answer queries about its contents.
This is also advantageous because much smaller and quicker models can be used while still producing accurate results (often with citations to the source).
This can even be self hosted with Open WebUI/ollama.
Sometimes being kind doesn’t necessarily mean being nice.
A fall-back to the current way of unlocking the volume would probably be a good idea. It wouldn’t be fun to lose access to something because a cloud service went down or access to it was lost etc.