Private keys should be maintained in a Key Management Service platform to prevent loss or theft. For example, Amazon KMS, Google Cloud Key Management or Very Good Security, Vault by Hashicorp, meet Sila's security requirements for this purpose.
Private keys should never be transmitted over any network. Private keys can be generated by your application, or you may wish for your users to generate their own private keys and store them on a local device i.e. local storage on a mobile phone, or offline i.e. cold storage.
If you suffer a data loss or security breach, then immediately contact firstname.lastname@example.org for further instructions.