Problem/Motivation
I can't use pantheon_secrets module to work with encryption keys, because when attempting to create a key of type encryption using a Pantheon secret, the form fails validation on the key size, unless you set zero as the size value. That zero value is not even a valid workaround, because the key doesn't work for encryption, an EncryptException is thrown.
Steps to reproduce
Install Encrypt, which requires Key module.
Create a key with this command: dd if=/dev/urandom bs=32 count=1 | base64 -i
Use the generated value to create a secret: terminus secret:site:set mtc2 <name> <value> --scope=web --type=runtime
Go to /admin/config/system/keys and there click "+ Add Key"
Try to add a key of type "Encryption", size=256, provider "Pantheon", and select the Secret name of the secret created above
The validation fails on key size, and it would only let you create the key selecting the size "Other" and "0".
Optionally
Install Real AES module, create a profile using that key (with declared 0 size to pass validation), and test the profile encryption. It will throw an error.
Go again to /admin/config/system/keys and there click "+ Add Key"
Try to add a new key of type "Encryption", size=256, provider "Configuration", and set the same value we generated with the dd command.
The key will be created successfully, no validation error.
Create an encryption profile with this key and see that encryption works now.