A place for Plugin's sensitive data?

I would like to implement OAuth login for Imgur plugin. And it will need to store tokens somewhere. Plugin settings is obviously not an option, because it stores data in plain text inside of a vault. In Discord chat I was suggested to try LocalStorage, but with a caution that it won’t probably work in mobile version. While Imgur plugin does not target mobile platform, what is the most preferable place to store sensitive data? And if there is no such a place, it’s probably worth thinking about creating such an API for plugins.

Quoting snyk.io:

local storage should never be used for sensitive information such as passwords or personal information

PS One other thing which prevents me from implementing OAuth login is that I can not receive all the data coming to Obsidian protocol handler as part of a callback URL, see the detailed description here

4 Likes

Did you ever find a good workaround?

Nope, I did not try to find anything (now I am stuck with OAuth authentication implementation, I do not even have secrets to store yet). But as soon as I will be able to proceed I would stick with localstorage until there is no better API for secrets. I think for me localstorage is a good fit (Imgur authentication can be shared between multiple vaults, and I do not worry about mobile support since I am not targeting it)