If I were at all going to go that route, I'd prefer to use just a GPG-encrypted plaintext file. That way at least I'm using a known and proven encryption implementation. It's got no UI of any sort either, which I prefer.

Makeshifts last the longest.