@stalbert yeah I got to the point where I couldn't seem to pass it a value and just threw up my hands. The library I'm using does not take a "secret key" so cryptoJS seems like it could be a better option. What would be a good way to store the "secret key"? Password field on a custom record perhaps?

hashing shouldn't require any secrets