Making only a specific list of attributes retrievable (allowlist-only)

I have an index that contains user data (names, addresses, etc.). I would like to make a certain subset of that data searchable by non-admin users.

Our current solution is a virtual replica that has 30-40 attributes listed in the unretrievableAttributes setting. This works, but means that we need to remember to update unretrievableAttributes every time we add new fields to the index.

The only other solution I can think of is to generate two separate indexes, and trigger two updates each time a user’s data changes, but that’s not ideal at all.

We do use secured API keys via generateSecuredApiKey, but the key is generated for access to multiple indexes, which means locking attributesToRetrieve won’t work because those attributes may be necessary on other indexes that can be searched.

Has anyone else come up with a good solution for a similar need?
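
One way to catch the drift described above, shown as an added example that is not part of the original post: derive the `unretrievableAttributes` value from an allowlist and flag any field that is retrievable without being allowed. The attribute names, sample records, configured list and the `audit` helper are all constructed for illustration, and the check assumes the records passed in cover every top-level attribute present in the index.

```python
# Added example: allowlist-driven audit of a denylist setting.
# All attribute names and records below are constructed sample data.

ALLOWLIST = {"objectID", "display_name", "city"}  # hypothetical public fields

# Constructed records standing in for an export of the index.
RECORDS = [
    {"objectID": "u1", "display_name": "A. Example", "city": "Lyon",
     "street_address": "1 Sample St", "email": "a@example.test"},
    {"objectID": "u2", "display_name": "B. Example", "city": "Oslo",
     "email": "b@example.test", "phone": "000-0000"},  # "phone" added later
]

# Constructed copy of the replica's current unretrievableAttributes setting.
CONFIGURED = ["street_address", "email", "legacy_ssn"]


def observed_attributes(records):
    """Union of top-level attribute names seen across all records."""
    attrs = set()
    for record in records:
        attrs.update(record.keys())
    return attrs


def required_denylist(records, allowlist):
    """Every observed attribute that is not explicitly allowed."""
    return sorted(observed_attributes(records) - set(allowlist))


def audit(records, allowlist, configured_unretrievable):
    """Compare the configured denylist with the one the allowlist implies."""
    required = set(required_denylist(records, allowlist))
    configured = set(configured_unretrievable)
    return {
        # Retrievable today although not on the allowlist: the leak case.
        "exposed": sorted(required - configured),
        # Listed in the setting but absent from the index or now allowed.
        "stale": sorted(configured - required),
        # Value to write back to the replica's settings.
        "unretrievableAttributes": sorted(required),
    }


if __name__ == "__main__":
    report = audit(RECORDS, ALLOWLIST, CONFIGURED)
    print(report)
    # A non-empty "exposed" list should fail the scheduled job or CI step.
    raise SystemExit(1 if report["exposed"] else 0)
```

Run on a schedule or in the deployment pipeline, a non-empty `exposed` list turns a forgotten settings update into a failed check instead of a silent disclosure.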