Option to encrypt passwords in Restic-Browsers userprofile preferences file

[MenceyBentayga]

First of all: Restic and Restic Browser have already saved a couple of my friends from disasters, and I can't be more grateful for all your work!

In Windows, I have noticed that in %USERPROFILE%/org.restic.browser/presets, the saved repo data is stored in plain text in the disc, requiring no special permissions to access the folder or read the file.

In Windows at least, using something like DPAPI could help improve the security of the situation plenty, or maybe using something based on Bcrypt if you want something a little more platform-independent.

I think it would greatly improve both comfort of use (not having to store the password), and security (not having it be copy-pasted, or written each time, exposing it to keyloggers or hijack attacks, copying the file to other device, or simply stealing the password).

[emuell]

Yes, it indeed would be nice if passwords could be encrypted. That's why it's currently not recommended to store them and why the location dialog doesn't do that by default. Ideally, the entire presets document should be encrypted, as the location URL may contain passwords, for example when using REST paths.

DPAPI could work on Windows, but we need a solution that works for all platforms.

https://github.com/HuakunShen/tauri-plugin-keyring could be an option here, but I guess it would then only store passwords for individual locations. So password would not be saved in the preferences at all, but only in the keychain - the rest in the location prefs as it is.

Do you have any other ideas on how to achieve this technically on all platforms?

[MenceyBentayga]

I think using the Tauri Keyring plugin is good for multiplatform support. With it, storing pretty much any sensitive info can be handled through it at the OS level, and all you'd store in the preferences file would be some key to the value pair to access it.

Is there any potential tricky scenario or edge case where it wouldn't be appropriate to do this?