Probably too late, but it would be awesome if the Zero had a secure enclave+crypto engine. Something like a Microchip 608A (https://www.microchip.com/wwwproducts/en/ATECC608A) so you could use it to generate public/private keypairs when you need to encrypt/decrypt data. Second advantage is a hardware-accelerated cryptoengine.
There’s also a library to interact with it, https://github.com/MicrochipTech/cryptoauthlib.
Also good for doing things like secureboot. Cost < $1.
Worse-case can wire it to