On key distribution:
I don’t distribute the master key at all — users never see it.
What they get is a per-article unlock code, which is derived deterministically from the article’s slug + my master secret (HMAC).
So:
I keep one root secret, offline in my .env
Each paid article generates a unique unlock code deterministically
The viewer derives the AES key locally from code + slug
No DRM, no extra infra, no hidden server checks
If someone pays, I just send them their unlock link (?code=...)
It basically gives you pay-to-decrypt without introducing any central gatekeeper logic.
Manual for now, but fully automatable since the unlock codes are deterministic.