Hm… I struggle to picture what you’re trying to achieve…

If you are “making an app” as in coding one, you can just have it say ask for a pin in a window as part of starting up.

You suggest various encryption related solutions… what is your threat model? Do you want to make the identity of the app unknown to others? Normally, autkenticating users is the responsibility of the os/desktop environment, and it would be non-ideomatic for an application to bundle its own auth, except for apps such as a password manager.

If you want to make an existing system app privileged/secret in some way then that sounds awkward indeed. Normally you’d definitely be using user management facilities (e.g. dedicated users and sudo config) to achieve such a thing.

If you really do want to make the app “secret” in some sense you could achieve the same thing as with your mac using a combination of loopback block devices (see man losetup) with an encrypted luks volume inside… but depending on the app you might end up in dependency hell if it’s not statically linked.

ymmv 🙂

Looks cool, but there is a certain irony in calling something an “offline API client”. I suppose that is to contrast it with Postman? (I’ve never used it myself but have heard friends complain of having to log in… which rightfully seems excessive for what is essentially curl with a UI.)

Using plain text files is a good design choice.

Switched from Windows in 2002, did FreeBSD -> Gentoo -> Ubuntu -> Arch. Finally switched to NixOS in 2012 and never looked back.

The builtin isolation meant I never actually got properly acquainted with Docker until I switched jobs and had to use it.