jamiebrynes7 · jamiebrynes7 · Feb 1, 2026 · Feb 1, 2026 · Feb 1, 2026
diff --git a/docs/docs/changelog.md b/docs/docs/changelog.md
@@ -12,6 +12,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+### ✨ Features
+
+- You can now select where the plugin should store your API token.
+  - By default, this is Obsidian's secret storage as this is the most secure option.
+  - You may select the old file-based approach that was used prior to v2.5.0
+
 ### 🐛 Bug Fixes
 
 - Task descriptions will now correctly be rendered if the `show` parameter of the query is omitted entirely.

diff --git a/docs/docs/configuration.md b/docs/docs/configuration.md
@@ -8,9 +8,14 @@ There are a number of options that allow you to configure the behaviour of the p
 
 ## General
 
-### Todoist API token
+### Token storage
 
-The API token used to connect to Todoist. This is stored in your vault at `.obsidian/todoist-token`. If you synchronize your vault, I recommend that you do _not_ sync this file for security reasons.
+Controls where the plugin stores your Todoist API token. There are two options:
+
+- **Obsidian secrets** - Uses Obsidian's built-in secret storage. This is the recommended option as it keeps your token out of your vault files.
+- **File-based** - Stores the token in a file at `.obsidian/todoist-token` inside your vault. If you synchronize your vault, you should consider _not_ syncing this file for security reasons. You may want to use this option if you have issues with Obsidian secrets.
+
+Changing this setting will automatically migrate your token to the new storage location.
 
 ## Auto-refresh
 

diff --git a/docs/docs/setup.md b/docs/docs/setup.md
@@ -28,7 +28,7 @@ Once the plugin is installed, you'll need to enable and do some initial setup.
 4. The prompt will verify that the token provided is valid and will present you with a checkmark if it is
 5. Select 'Save' to complete the setup
 
-> Your API token is stored securely using Obsidian's built-in secret storage under the ID `swt-todoist-api-token`.
+> By default, your API token is stored securely using Obsidian's built-in secret storage. You can change this to file-based storage in the [plugin configuration](./configuration#token-storage).
 
 ## What's next?
 

diff --git a/docs/docs/translation-status.json b/docs/docs/translation-status.json
@@ -1,10 +1,10 @@
 {
-  "total": 209,
+  "total": 215,
   "statuses": [
     {
       "name": "English",
       "code": "en",
-      "completed": 209
+      "completed": 215
     },
     {
       "name": "Nederlands",

diff --git a/plugin/src/i18n/langs/en.ts b/plugin/src/i18n/langs/en.ts
@@ -18,6 +18,14 @@ export const en: Translations = {
         description: "The Todoist API token to use when fetching tasks",
         buttonLabel: "Setup",
       },
+      tokenStorage: {
+        label: "Token storage",
+        description: "Where the plugin should store your Todoist API token",
+        options: {
+          secrets: "Obsidian secrets",
+          file: "File-based",
+        },
+      },
     },
     autoRefresh: {
       header: "Auto-refresh",

diff --git a/plugin/src/i18n/translation.ts b/plugin/src/i18n/translation.ts
@@ -16,6 +16,14 @@ export type Translations = {
         description: string;
         buttonLabel: string;
       };
+      tokenStorage: {
+        label: string;
+        description: string;
+        options: {
+          secrets: string;
+          file: string;
+        };
+      };
     };
     autoRefresh: {
       header: string;

diff --git a/plugin/src/index.ts b/plugin/src/index.ts
@@ -56,7 +56,7 @@ export default class TodoistPlugin extends Plugin {
 
   private async loadApiClient(): Promise<void> {
     const accessor = this.services.token;
-    const token = accessor.read();
+    const token = await accessor.read();
 
     if (token !== null) {
       await this.services.todoist.initialize(new TodoistApiClient(token, new ObsidianFetcher()));
@@ -65,7 +65,7 @@ export default class TodoistPlugin extends Plugin {
 
     this.services.modals.onboarding({
       onTokenSubmit: async (token) => {
-        accessor.write(token);
+        await accessor.write(token);
         await this.services.todoist.initialize(new TodoistApiClient(token, new ObsidianFetcher()));
       },
     });
@@ -95,7 +95,7 @@ export default class TodoistPlugin extends Plugin {
     const migrations: Record<number, () => Promise<void>> = {
       1: async () => {
         // Migration from 0 -> 1: migrate token to secrets
-        await this.services.token.migrateToSecrets();
+        await this.services.token.migrateStorage("file", "secrets");
       },
     };
 

diff --git a/plugin/src/services/tokenAccessor.ts b/plugin/src/services/tokenAccessor.ts
@@ -1,5 +1,6 @@
 import type { SecretStorage, Vault } from "obsidian";
 
+import type { TokenStorageSetting } from "@/settings";
 import { useSettingsStore } from "@/settings";
 
 export class VaultTokenAccessor {
@@ -13,26 +14,88 @@ export class VaultTokenAccessor {
     this.path = `${vault.configDir}/todoist-token`;
   }
 
-  read(): string | null {
-    const secretId = useSettingsStore.getState().apiTokenSecretId;
-    return this.secrets.getSecret(secretId);
+  read(): Promise<string | null> {
+    const settings = useSettingsStore.getState();
+    return this.readFromStorage(settings.tokenStorage);
   }
 
-  write(token: string) {
-    const secretId = useSettingsStore.getState().apiTokenSecretId;
-    this.secrets.setSecret(secretId, token);
+  write(token: string): Promise<void> {
+    const settings = useSettingsStore.getState();
+    return this.writeToStorage(token, settings.tokenStorage);
   }
 
-  async migrateToSecrets(): Promise<void> {
-    const tokenExists = await this.vault.adapter.exists(this.path);
-    if (!tokenExists) {
+  async migrateStorage(from: TokenStorageSetting, to: TokenStorageSetting): Promise<void> {
+    if (from === to) {
       return;
     }
 
-    const token = await this.vault.adapter.read(this.path);
-    const secretId = useSettingsStore.getState().apiTokenSecretId;
+    const token = await this.readFromStorage(from);
+    if (token === null) {
+      return;
+    }
+
+    await this.writeToStorage(token, to);
+    await this.cleanupStorage(from);
+  }
+
+  private async readFromStorage(storage: TokenStorageSetting): Promise<string | null> {
+    switch (storage) {
+      case "file": {
+        const exists = await this.vault.adapter.exists(this.path);
+        if (!exists) {
+          return null;
+        }
+
+        const value = await this.vault.adapter.read(this.path);
+        return value === "" ? null : value;
+      }
+      case "secrets": {
+        const secretId = useSettingsStore.getState().apiTokenSecretId;
+        const value = this.secrets.getSecret(secretId);
+        return value === "" ? null : value;
+      }
+      default: {
+        const _: never = storage;
+        throw new Error("Unknown token storage setting");
+      }
+    }
+  }
+
+  private async writeToStorage(token: string, storage: TokenStorageSetting): Promise<void> {
+    switch (storage) {
+      case "file":
+        await this.vault.adapter.write(this.path, token);
+        return;
+      case "secrets": {
+        const secretId = useSettingsStore.getState().apiTokenSecretId;
+        this.secrets.setSecret(secretId, token);
+        return;
+      }
+      default: {
+        const _: never = storage;
+        throw new Error("Unknown token storage setting");
+      }
+    }
+  }
 
-    this.secrets.setSecret(secretId, token);
-    await this.vault.adapter.remove(this.path);
+  private async cleanupStorage(storage: TokenStorageSetting): Promise<void> {
+    switch (storage) {
+      case "file": {
+        const exists = await this.vault.adapter.exists(this.path);
+        if (exists) {
+          await this.vault.adapter.remove(this.path);
+        }
+        return;
+      }
+      case "secrets": {
+        const secretId = useSettingsStore.getState().apiTokenSecretId;
+        this.secrets.setSecret(secretId, "");
+        return;
+      }
+      default: {
+        const _: never = storage;
+        throw new Error("Unknown token storage setting");
+      }
+    }
   }
 }
diff --git a/plugin/src/settings.ts b/plugin/src/settings.ts
@@ -6,6 +6,8 @@ export type AddTaskAction = "add" | "add-copy-app" | "add-copy-web";
 
 export type DueDateDefaultSetting = "none" | "today" | "tomorrow";
 
+export type TokenStorageSetting = "secrets" | "file";
+
 export type ProjectDefaultSetting = {
   projectId: string;
   projectName: string;
@@ -18,6 +20,7 @@ export type LabelsDefaultSetting = Array<{
 
 const defaultSettings: Settings = {
   apiTokenSecretId: "swt-todoist-api-token",
+  tokenStorage: "secrets",
 
   fadeToggle: true,
 
@@ -46,6 +49,7 @@ const defaultSettings: Settings = {
 
 export type Settings = {
   apiTokenSecretId: string;
+  tokenStorage: TokenStorageSetting;
 
   fadeToggle: boolean;
   autoRefreshToggle: boolean;

diff --git a/plugin/src/ui/settings/TokenChecker.tsx b/plugin/src/ui/settings/TokenChecker.tsx
@@ -27,7 +27,7 @@ export const TokenChecker: React.FC<Props> = ({ tester }) => {
   useEffect(() => {
     setTokenState({ kind: "in-progress" });
     (async () => {
-      const token = tokenAccessor.read();
+      const token = await tokenAccessor.read();
       if (token === null) {
         setTokenState({
           kind: "error",
@@ -45,7 +45,7 @@ export const TokenChecker: React.FC<Props> = ({ tester }) => {
       onTokenSubmit: async (token) => {
         setTokenValidationCount((old) => old + 1);
 
-        tokenAccessor.write(token);
+        await tokenAccessor.write(token);
         await todoist.initialize(new TodoistApiClient(token, new ObsidianFetcher()));
       },
     });

diff --git a/plugin/src/ui/settings/index.tsx b/plugin/src/ui/settings/index.tsx
@@ -6,7 +6,7 @@ import { t } from "@/i18n";
 import { PluginContext } from "@/ui/context";
 
 import type TodoistPlugin from "../..";
-import { type Settings, useSettingsStore } from "../../settings";
+import { type Settings, type TokenStorageSetting, useSettingsStore } from "../../settings";
 import { TokenValidation } from "../../token";
 import { AutoRefreshIntervalControl } from "./AutoRefreshIntervalControl";
 import { LabelsControl } from "./LabelsControl";
@@ -105,6 +105,29 @@ const SettingsRoot: React.FC<Props> = ({ plugin }) => {
       >
         <TokenChecker tester={TokenValidation.DefaultTester} />
       </Setting.Root>
+      <Setting.Root
+        name={i18n.general.tokenStorage.label}
+        description={i18n.general.tokenStorage.description}
+      >
+        <Setting.DropdownControl
+          value={settings.tokenStorage}
+          options={[
+            {
+              label: i18n.general.tokenStorage.options.secrets,
+              value: "secrets",
+            },
+            {
+              label: i18n.general.tokenStorage.options.file,
+              value: "file",
+            },
+          ]}
+          onClick={async (val: TokenStorageSetting) => {
+            const oldStorage = settings.tokenStorage;
+            await plugin.services.token.migrateStorage(oldStorage, val);
+            await plugin.writeOptions({ tokenStorage: val });
+          }}
+        />
+      </Setting.Root>
 
       <h2>{i18n.autoRefresh.header}</h2>
       <Setting.Root