I am working on the Google calendar plugin and have encountered the problem of storing the access and refresh API token as well as the custom client ID and secret inside obsidian. I have postponed this issue long enough by storing the data inside the local storage of obsidian. My problem is, that everyone has access to this storage.
I looked into using electrons saveStorage or third party libraries using the system keychain to encrypt the data, but came to the conclusion that this doesn’t add any additional security, plus it is not compatible for mobile users.
My Idea would be to add an option inside the settings to password protect the confidential data using AES. The drawback would be to enter the password every time obsidian starts.
I would like your opinion and insides on this idea. Would you use such an option, if it increases security? Would this add security?