WebPush doesn't really have keys to keep track of. Other than the VAPID signature (which is optional but may be enforced by the push service) all of the keys are ephemeral. They are used for just one subscription so storing them is just as easy as storing the rest of the notification URL.