I need to store some user tokens securely in postgres. Any suggestions for best practices? One idea: encrypt/decrypt the token using a key stored in KMS, only certain lambdas have access to the key.

These best practices for storing sensitive data by AWS might be helpful to you