I’ve compartmentalized the problem for now until I get further along.

The basic idea I am working with is that the wallet component has its own key managed by the client user application. It never sees the owner’s key and vice-versa, the user never needs to see the wallet key. If there is a problem, the wallet can be replicated to a new instance and the old one burnt.