I remember seeing something similar in Roam, but the security aspect of it was quite problematic (mostly because of Roam’s underlying security concerns). I’m curious, how are you managing security on the user side for your plugin?
Security is obviously a massive concern. This is one of the reasons why the project is completely open source. Every line of code is readable on the GitHub page I linked in the post.
Right now, the only way someone could access one’s API keys would be if they could already access one’s Obsidian vault. If you back up to Google Drive, they’ll be visible there. The same for any other cloud-sync provider.
The API keys are stored as any other setting in Obsidian (JSON format in a local file).
I have been toying with the idea of a ‘secure-mode’ where you’d have to enter a password to tweet. Here, the API keys entered would be hashed by a password, which would have to be entered every time one would want to tweet.
Another concern would be if a malicious Obsidian plugin targeted users of this plugin. This could perhaps be circumvented by the aforementioned ‘secure-mode’.
I have not used Roam for more than an hour. I do not know which security concerns there have been in regards to tweeting from Roam. I could imagine that the online-vs-local formats of Roam contra Obsidian make this a separate case.
I am more than open to suggestions or improvements. I do not want security to be an issue here. I want people to feel safe using this plugin.
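As an added illustration of the ‘secure-mode’ idea discussed above (not code from the plugin or its author): this sketch encrypts the keys with a key derived from the password (scrypt, then AES-256-GCM) rather than hashing them, because a one-way hash could not be reversed to recover the keys for tweeting. The function names, record fields, scrypt parameters and sample key values are all assumptions made for the example.

```javascript
// Added example: password-protected storage of API keys in a settings JSON.
// All names and parameters here are hypothetical, not the plugin's own.
const crypto = require("node:crypto");

// scrypt cost parameters (assumed values; raise N as hardware allows).
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit encryption key from the password and a per-record salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, KDF);
}

// Encrypt the keys; the returned record is what would be written to the
// settings file instead of the plaintext keys.
function sealKeys(apiKeys, password) {
  const salt = crypto.randomBytes(16); // fresh salt for every save
  const iv = crypto.randomBytes(12);   // fresh GCM nonce for every save
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(apiKeys), "utf8"), cipher.final()]);
  return {
    v: 1,
    kdf: "scrypt",
    salt: salt.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
    ct: ct.toString("base64"),
  };
}

// Decrypt the record. Returns null when the password is wrong or the stored
// record was modified, because the GCM tag check fails in both cases.
function openKeys(record, password) {
  try {
    const key = deriveKey(password, Buffer.from(record.salt, "base64"));
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, Buffer.from(record.iv, "base64"));
    decipher.setAuthTag(Buffer.from(record.tag, "base64"));
    const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, "base64")), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch {
    return null;
  }
}
```

This protects the settings file at rest, including copies synced to a cloud provider. Another plugin running inside the same Obsidian process could still observe the password or the decrypted keys while they are in use.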
Thank you for making a video! I’m glad that you like the plugin.
You made a great video - I really enjoyed it. You explain the steps very well. I’ll link to the video from the instructions so people can follow along. That would probably make things easier for them. I hope that is okay?
Absolutely, it would be an honor to have my video in the plugin’s README. Glad to know it’s helpful for others!
Thanks again for the awesome tool, you got me back into using Twitter now that it’s an awesome experience to tweet from Obsidian.