OP here: my original thought wasn't to necessarily encrypt the whole file, rather to just encrypt the individual passwords before writing them to the file. This would leave the file open to casual editing/browsing (even though the PWs are encrypted) if it's a text file. However using a serializer and encrypting the resulting output is an angle I hadn't considered - I'll explore that.. Thanks!