Here's the dilemma, which I am sure has been solved before:
We need to create an application which updates information on-chain according to the users progress in the application.
In this case it's a game, and the game is off-chain, but the data is stored on-chain.
I understand that the best solution is to have the smart contract have a modifier that makes it so only one specific wallet address would be able to call the function to update user data.
Then we would have the application be the only one able to sign transactions using that wallet's private key, which would be stored in a secure manner.
Theoretically, I understand all of this (if it is indeed correct), yet I do not know how to implement this last part. Can anyone provide some guidance or even point me in the right direction when it comes to this?
You'd make sure the app has access to a private key. A private key is just a number (usually represented as a hexadecimal string). There are good libraries like ethers.js and web3py to make it easy to load the string and then be able to sign transactions using that key on-chain.
This part happens all the time, and the right tool for the job depends on the language you are building your system in. Then you want to make sure the key is protected, by which I mean it is run only server-side, and the key is where you would keep other secrets (like API keys), since you don't want someone scanning Github to find it.