Best Practice for saving/managing data in plugin

I’m searching for some help / best practice how to save data in plugins. I’m planning to extend my plugin. The goal is to manage a list of emails addresses by the plugin. (At the moment this has to be handled by the site admin.) If I decide to create a data pool, this must be as most secure as possible.

My questions are:

  • How should I store the data?
    (My thoughts: Grav is a flat file CMS, so CSV files are the first option. But sqlite or an external database is also a possible way.)

The easiest way would be to store data that is easy to interpret in the /user/data-folder, as this is persistent. A plugin can easily take input and append it to JSON, or even YAML or heavier formats like SQLite or CSV, and then store it. The data-folder will be as secure as the site owner makes it, and as long as it is only exposed internally to plugins (incl. Admin), then that should be sufficient.

Email-addresses are not very sensitive data, so even in the case of a data-breach (of the server), it would not have a major impact. You could encrypt the addresses, but this would be wasteful as they would have to be easily decrypted to be of any use.

flex-directory plugin is maybe already exactly what you need? At least it is a good example anyway

Thank you for your tips.
I think, json may a good choice as well. I will also look at the flex plugin for a little inspiration.

In the Comments plugin we store a comment under user/data/comments. The basic way it works is:

use RocketTheme\Toolbox\File\File;
$data = array(/*something*/);
$file = File::instance(DATA_DIR . 'comments/myfile.yaml');

Storing as YAML is nice because much more readable than JSON, and it’s “just files”.