Where to store private and public keys?


I’m new to backend and currently don’t know best practices of storing sensitive data in safe.

I configured node.js server with JWT. I signed JWT with RSA key. Each time server receive request it verifies integrity of JWT.

For now I have 2 files private.key and public.key. The first file is used for signing JWT and the second one is used for verifing JWT.

So the question is.

Where should I store these keys (files)? Currently, I store them beside the project source files but do not push them to the remote source control system. Whenever I need content of the keys I just use readFileSync so it requires files to be present in the project.

Do I need to encrypt these files too? or…
Do I need to push these files to the remove service and use them via HTTP? or..
Is there any service where I can put my files and use some URL to get access to the files?