I think what you're suggesting is:
• in a before or after registration hook, store the customer data
• update the kratos traits (cant use hooks to manipulate/mutate the flow data)
• when obtaining traits youd need to always request this extra data separately
I think this would be a bit pointless as it would be easier to just request user data via user ID after and not have any in traits. That's unfortunately what I'm considering but with the data being in traits would be really useful (first/last name for sure, email not necessarily) as it's rendered on every page in my SPA. I'm also considering adding an extra cookie but unsure if that's possible via hooks.
Regardless, if I have multiple registration fields and I want to split them across tables, right now it looks like partial data is saved if any hooks fail to save the data, but an account is created if kratos does store the account details. If kratos provided an optional url to allow us to store data as we see fit (and if identities arent saved correctly that's our fault) it would provide much more flexibility and robustness.
RE encryption with secret managers, I wouldn't want any UI being able to request keys to decrypt data themselves. It makes me uncomfortable; doing it in the backend for a logged in identity for their own traits makes much more sense to me since it's their data - the encrpytion is a) a last line of defense against db compromise b) providing limited data visibility to staff. I hope this all made sense?
Full data:
Registration form is for companies
It includes company name/number
customer first/last names
customer email (also log in identifier)
marketing acceptance
registration is manually verified - we check the company is not only legit, but suitable for our application. we also check a few other things for pre-approval checks to connect with other companies
one form should easily save data to tables: company, identity (account info), customer
Right now, traits have to be json in the identities table. if instead kratos offered post/get functionality it would make things far cleaner: I could store company_id, first_name, last_name, company_name and then would not need to request this on every SPA load up. Further, I wouldnt have to add hooks for registration, settings & profile management.