I've been building a small menu-bar app for tracking time on Jira issues. Mostly it's boring CRUD: a timer, a list of issues, push worklogs back to Jira. Except for one thing I had to figure out on day one. The user logs in with a Jira API token, and that token has to live somewhere on their machine. Where, exactly? Every Tauri tutorial skips this part. Below is what I tried, what broke, and what I shipped. My first attempt (don't do this) I already had a local SQLite database in the app for caching Jira issues, worklogs, and user prefs. So my first move was the obvious one — stick the API token in a settings table next to everything else. One database, one place to look, simple. Don't do this. SQLite stores everything in a plain .db file on disk. No encryption by default.…