I’ve started to develop a plugin to load information from webservices like Jira, Confluence, …
While looking through the developer documentation I found no API for correctly storing/retrieving secrets like API tokens, username/password, …
Therefore I have a feature request for a plugin API that allows plugins to securely store and retrieve secrets (e.g. credentials). The API should ensure that each plugin can only request secrets it owns (or alternatively, that the user is asked if a plugin tries to request secrets of another plugin) and could look like this:
logseq.App.storeSecret(key, secret);
logseq.App.requestSecret(key);
My preferred solution would be to integrate Logseq with password managers like KeePassXC (e.g. via keepassxc-proxy, like the KeePassXC browser plugin does it), Seahorse (GNOME password manager), KDE Wallet, …
But storing the passwords on disk in a file that is encrypted with a master password would be fine too.
Otherwise each plugin needs to manage its own secrets, and as we know from e.g. "Security: storing secrets in plugin settings" (Issue #9290, logseq/logseq on GitHub) this leads to unexpected security problems.
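
A sketch of the per-plugin ownership rule and the master-password fallback requested above, as an added example that is not part of the original post and not Logseq's API. `SecretStore` and `apiFor` are hypothetical names, the in-memory `Map` stands in for the encrypted file on disk, and Node's built-in `crypto` module is assumed to be available to the host.

```javascript
// Added sketch (hypothetical names): the host owns the store and supplies the
// calling plugin's id itself, so a plugin can never name another plugin's slot.
const crypto = require('node:crypto');

class SecretStore {
  // The salt would be persisted next to the encrypted file; it is not secret.
  constructor(masterPassword, salt = crypto.randomBytes(16)) {
    this.salt = salt;
    this.key = crypto.scryptSync(masterPassword, salt, 32); // AES-256 key
    this.entries = new Map(); // "pluginId\0key" -> { iv, tag, data }
  }

  static slot(pluginId, key) {
    // NUL is the separator, so it must not appear in either part.
    if (pluginId.includes('\0') || key.includes('\0')) throw new Error('invalid name');
    return `${pluginId}\0${key}`;
  }

  store(pluginId, key, secret) {
    const slot = SecretStore.slot(pluginId, key);
    const iv = crypto.randomBytes(12); // fresh nonce for every write
    const cipher = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    cipher.setAAD(Buffer.from(slot)); // binds the ciphertext to its owner and key
    const data = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
    this.entries.set(slot, { iv, tag: cipher.getAuthTag(), data });
  }

  request(pluginId, key) {
    const slot = SecretStore.slot(pluginId, key);
    const entry = this.entries.get(slot);
    if (!entry) return undefined; // not owned by this plugin, or never stored
    const decipher = crypto.createDecipheriv('aes-256-gcm', this.key, entry.iv);
    decipher.setAAD(Buffer.from(slot));
    decipher.setAuthTag(entry.tag);
    // final() throws if the record was altered or copied from another slot.
    return Buffer.concat([decipher.update(entry.data), decipher.final()]).toString('utf8');
  }
}

// What a plugin would be handed: the two proposed calls, pre-bound to its id.
function apiFor(store, pluginId) {
  return Object.freeze({
    storeSecret: (key, secret) => store.store(pluginId, key, secret),
    requestSecret: (key) => store.request(pluginId, key),
  });
}
```

Because the slot name is authenticated as additional data, copying one plugin's encrypted record into another plugin's slot in the stored file fails decryption instead of leaking the secret.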