Encryption using Deno KV and OAuth?

I'm creating a note-taking app using most of Deno's tools. I was thinking about encrypting user notes for additional privacy. The problem I have is that I don't know how to generate and manage the encryption keys without somehow storing them in the server. If anyone has any pointers on how to achieve this I would love to hear it, thank you.