I have a WPF client that uses a JWT to access an ASP.NET Core Web API. I already having the client app running quietly in the 'System Tray'[1]. I would like to have the app start on Windows startup and continue running quietly there until the user needs it, but that would require the user to login again on each startup, making 'quietly' meaningless.
To prevent this, I will need a remember me option on the login dialogue, and when checked, I will have to safely store the JWT in use until the next startup.
How should I go about this? I have seen recommendations on using the registry or Isolated Storage for persisting runtime data over just storing it out on the hard drive somewhere. Then I would have to encrypt the JWT to keep it secure, but then a very similar question arises on how to store the encryption key.
How can I securely store these two values, most preferably in separate places?
[1] Or whatever it is called these days.