Description
It would be nice if you could encrypt the cargo registry token under a key derived from a passphrase, much like ssh supports for private keys.
It's fairly common for developers to be running a large number of incorrectly firewalled services under their own user and have them listening on all network interfaces, and unless there's some sort of additional protection beyond filesystem perms, if any of these services are vulnerable to a directory traversal attack (such as the one all Rails apps were vulnerable to recently), files like ~/.cargo/config (or ~/.ssh/id_rsa) are easy to steal if someone is on public WiFi or is otherwise directly connectable. Firewalls help, but sometimes people spin up VMs and bridge them to their external interfaces without thinking about the security ramifications (and stick their credentials inside so they can develop inside a VM).
The rust-openssl or sodiumoxide libraries would provide what you need to do this. sodiumoxide in particular provides both scrypt (which can be used as a KDF) and modern authenticated symmetric ciphers like secretbox (xsalsa20+poly1305) and also a chacha20+poly1305 AEAD mode, while also being widely ported (Windows, *IX, Mac, iOS, Android at least to my knowledge).
I imagine this working by prompting a user for a passphrase after cargo login, or allowing them to just hit enter for no passphrase.