firebase, encryption, google-cloud-firestore, next.js, firebase-security

Should I encrypt data into Firestore?


I need to store an OAuth token and various quite sensitive user information data in my Firestore. I've learned that Firestore is safe and that they already encrypt data; should I still do it?

If I do it, I'll use a key stored in .env to encrypt/decrypt data via an aes-256-cbc cipher, but I think it might be overkill...

PS. I use Next.js API Routes


Solution

  • Encrypting the data is entirely optional and doable, but the practicality of doing so far exceeds the actual usefulness of any encryption implementation.

    The data is already transferred securely via HTTPS and decoded on the client. If you were to encrypt the data, any information to decode the data would also be available from within your app, making the encryption redundant.

    The only reasonable risk is if the client's device is compromised: hackers can access the decrypted data directly, but that is not feasible to prevent.
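
The scheme the question describes (a key from .env and aes-256-cbc, run server-side in an API route), as an added example that is not part of the original question or answer. It adds an HMAC-SHA256 integrity check because CBC on its own does not detect modified ciphertext; the `FIELD_KEY_HEX` variable and all function names are hypothetical.

```javascript
// Added example: encrypt one field value before writing it to a Firestore document.
const { createCipheriv, createDecipheriv, createHmac, hkdfSync,
        randomBytes, timingSafeEqual } = require('node:crypto');

// Assumption: FIELD_KEY_HEX (hypothetical name) in .env holds 32 random bytes as 64 hex chars.
function loadMasterKey(hex = process.env.FIELD_KEY_HEX) {
  if (!/^[0-9a-f]{64}$/i.test(hex || '')) throw new Error('FIELD_KEY_HEX must be 64 hex chars');
  return Buffer.from(hex, 'hex');
}

// Derive separate encryption and MAC keys from the single master key.
function subkeys(master) {
  const derive = (info) => Buffer.from(hkdfSync('sha256', master, Buffer.alloc(0), info, 32));
  return { encKey: derive('field-enc'), macKey: derive('field-mac') };
}

function encryptField(plaintext, master) {
  const { encKey, macKey } = subkeys(master);
  const iv = randomBytes(16); // fresh random IV for every stored value
  const cipher = createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = createHmac('sha256', macKey).update(iv).update(ct).digest();
  return [iv, ct, tag].map((b) => b.toString('base64')).join('.');
}

function decryptField(stored, master) {
  const parts = String(stored).split('.');
  if (parts.length !== 3) throw new Error('malformed ciphertext');
  const [iv, ct, tag] = parts.map((p) => Buffer.from(p, 'base64'));
  const { encKey, macKey } = subkeys(master);
  const expected = createHmac('sha256', macKey).update(iv).update(ct).digest();
  // Verify the MAC before decrypting, in constant time.
  if (tag.length !== expected.length || !timingSafeEqual(tag, expected)) {
    throw new Error('integrity check failed');
  }
  const decipher = createDecipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed demo values; in an API route the key comes from .env and the
// returned string is what would be written to the document field.
const demoKey = loadMasterKey('ab'.repeat(32));
const demoStored = encryptField('constructed-oauth-token', demoKey);
console.log(demoStored, '->', decryptField(demoStored, demoKey));
```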