oidc-add encrypt all their communication with the agent (their communication might contain sensitive information like user credentials (only for
oidc-gen when using the password flow), OIDC refresh token, client credentials, lock password, etc.) Communication done with
oidc-token) is not encrypted. However, this communication only contains OIDC access token as sensitive information and these can be requested by any application with access to the agent socket. If an application communicates directly through the UNIX domain socket with
oidc-agent encryption is theoretically supported. However, it requires usage of libsodium and the implementation details (used functions, parameters, etc.) are not documented and have to be retrieved from the source.