The generated account configuration files contain sensitive information (i.e. client credentials and the refresh token) and are therefore stored in an encrypted way.
There are two options to encrypt account configurations:
via gpg-agent
password-based
All encryption (except gpg-based) done in the oidc-agent project is done through the libsodium library, which is also used by software such as Discord, RavenDB, or Wire.
