If you are storing secret encryption keys hardcoded in your application like that, you might as well be using ROT13. Cryptographic protocols are one wheel you really really don’t want to be reinventing. Use a system that has gone through extensive peer review, like JWT or JWE. If you don’t have (or want to make) a PKI, use a KDF like scrypt based off a user-entered password if you need to generate replicable symmetric keys: don’t hardcode them into application source code.