Storing API tokens, PII, and secrets in plaintext in your database is a disaster waiting for a SQL injection or a backup leak. Here is how to encrypt sensitive columns at the application layer using Node.js built-in crypto module, with authenticated encryption, proper key derivation, and a zero-downtime key rotation protocol.