Accidental Exposure of Sensitive Information

[365erik]

This plugin enables people to save their vault to a Github (etc.) repo. These repos are often made public. This may potentially expose sensitive information stored in the .obsidian folder.

While auditing the plugin on macOS, I did not notice anything in the obsidian-git plugin or generated data.json that couldn't safely be made public. However, I did find some unrelated plugins storing API credentials in .obsidian and data.json files where they might be unwittingly shared.

1. Does this plugin store any data that can't safely be shared with the public?
2. It would be great to provide a friendly warning that other plugins may be saving secrets in the .obsidian folder.
3. An option to automatically .gitignore the .obsidian folder could be helpful for the less technical.

[Vinzent03]

1. This plugin only stores credentials on mobile, because it's relying on system git to do authentication etc. On mobile, it's stored in localstorage, which I think is encrypted and not accessible.
2. Sounds like a good idea
3. I'm already providing a command in Obsidian to edit .gitignore. So I don't think that's necessary.