A couple of thoughts I had recently on this topic:
-
I do not think localstorage is a good fit for sensitive data, because it gets shared between any other plugin, and some evil plugin could dump
Object.entries(localStorage)and steal your secrets (if they will be stored there). -
On the other hand I like that localstorage data is available between Vaults. For my Imgur plugin it means that once authenticated in one Vault, you do not need to repeat this step for any other Vault.
Summarizing: localStorage is not an option for really sensitive data. I would like to have some interface for Obsidian which would isolate secret data of different plugins from each other, allowing to share such data for the same plugin between vaults on a single system.