diff --git a/README.md b/README.md
index d49eb32..8671ea3 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ accountConfig := &connection.Config{
 Password: "examplePassword",
 UserAgent: "myApps (Go)",
 SessionFilePath: "myapps_session.json",
+ SecretKey: []byte("Secretkey to encrypt myapps sessionkeys on local disk"),
 Debug: true,
 InsecureSkipVerify: false,
 }
@@ -44,6 +45,7 @@ In this example, the following information is provided:
 - **Password**: The password for the myApps account you want to use.
 - **UserAgent**: The user agent that will be sent to the myApps server. This is used to identify sessions of the client at the Account Security list within the myApps Clients.
 - **SessionFilePath**: The file path where the session keys state will be stored. This allows you to resume a session after a disconnect. Please note that they are (for now) unencrypted stored.
+- **SecretKey**: A Password to encrypt the SessionFilePath file on the local disk
 - **Debug**: A boolean value indicating whether or not to enable debug logging. Default is false, meaning no debug messages.
 - **InsecureSkipVerify**: A boolean value indicating whether or not to verify the SSL/TLS certificate. Default is false, so connections are aborted, if the Host does not provide a valid certificate.
@@ -107,6 +109,7 @@ func main() {
 InsecureSkipVerify: true,
 UserAgent: "myApps Go client",
 SessionFilePath: "myapps_session.json",
+ SecretKey: []byte("Secretkey to encrypt myapps sessionkeys on local disk"),
 Debug: true,
 }
@@ -148,6 +151,7 @@ func main() {
 InsecureSkipVerify: false,
 UserAgent: "myApps Go client",
 SessionFilePath: "myapps_session.json",
+ SecretKey: []byte("Secretkey to encrypt myapps sessionkeys on local disk"),
 Debug: true,
 })
@@ -158,6 +162,7 @@ func main() {
 Password: "examplePassword2",
 UserAgent: "myBot (Go)",
 SessionFilePath: "myapps_session_2.json",
+ SecretKey: []byte("a different Secretkey"),
 Debug: true,
 })
@@ -168,6 +173,7 @@ func main() {
 Password: "examplePassword3",
 UserAgent: "myApps (Go)",
 SessionFilePath: "myapps_session_3.json",
+ SecretKey: []byte("another one"),
 Debug: true,
 })
diff --git a/connection/myapps.go b/connection/myapps.go
index b901b86..0972566 100644
--- a/connection/myapps.go
+++ b/connection/myapps.go
@@ -8,7 +8,6 @@ import (
 "encoding/hex"
 "encoding/json"
 "fmt"
- "io/ioutil"
 "log"
 "math/rand"
 "net/http"
@@ -17,6 +16,7 @@ import (
 "time"
 "github.com/gorilla/websocket"
+ "github.com/ricoschulte/go-myapps/encryption"
 )
 const session_length_usr = 32
@@ -37,6 +37,7 @@ type Config struct {
 Username string `yaml:"username"` // Username of the pbx
 Password string `yaml:"password"` // Password to the Username
 SessionFilePath string `yaml:"sessionfilepath"` // Filename to a local JSON file to store the session. Will be created if it not exists
+ SecretKey []byte `yaml:"-"` // the key to encrypt local files
 UserAgent string `yaml:"useragent"` // the User Agnent shown in the list of current sessions in the user profile
 Handler MessageHandlerRegister // list of message handler on the session
 RedirectHost string // is set, when the user is located not in the master and should open a connection to the secondary pbx
@@ -113,7 +114,7 @@ func (myappconfig *Config) GetSessionKeys() (string, string, error) {
 }
 // read file
- file, err := ioutil.ReadFile(myappconfig.SessionFilePath)
+ file, err := encryption.DecryptFileSha256AES256(myappconfig.SecretKey, myappconfig.SessionFilePath)
 if err != nil {
 return "", "", err
 }
@@ -161,7 +162,7 @@ func (myappconfig *Config) SaveSessionKeys(usr, pwd string) error {
 }
 // write file
- if err := ioutil.WriteFile(myappconfig.SessionFilePath, file, 0600); err != nil {
+ if err := encryption.EncryptFileSha256AES256(myappconfig.SecretKey, file, myappconfig.SessionFilePath, 0600); err != nil {
 return err
 }
diff --git a/examples/multiuser/example.go b/examples/multiuser/example.go
index e856bd4..54640e2 100644
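Review bot: The comment on the new `SecretKey` field in the Config struct hunk does not say which file the key protects or how it has to be supplied. Because of the `yaml:"-"` tag the key is never read from a YAML config, so callers must set it in code, and the comment should say so, e.g. `// passphrase used to encrypt the session file at SessionFilePath; not read from YAML, must be set by the caller`. The Config struct starts and ends outside the hunk.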
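Review bot: In GetSessionKeys the session file is now always read through `encryption.DecryptFileSha256AES256`, so a plaintext session file written by an earlier version will presumably fail to decrypt and return an error instead of resuming the session; the hunk adds no fallback or migration. Neither this hunk nor the SaveSessionKeys hunk checks for an empty key, and since the field is tagged `yaml:"-"` a Config loaded from YAML arrives with a nil SecretKey. A guard before the read, `if len(myappconfig.SecretKey) == 0 { return "", "", fmt.Errorf("secret key is not set") }`, and the matching check before the write would make that case explicit. The encryption package is not visible here, so it is worth confirming that it uses an authenticated cipher mode and a salted, slow key derivation rather than a single SHA-256 of the passphrase. Both function bodies start and end outside their hunks.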
--- a/examples/multiuser/example.go
+++ b/examples/multiuser/example.go
@@ -20,6 +20,7 @@ func main() {
 InsecureSkipVerify: false,
 UserAgent: "myApps Go client",
 SessionFilePath: "myapps_session.json",
+ SecretKey: []byte("Secretkey to encrypt myapps sessionkeys on local disk"),
 Debug: true,
 })
@@ -30,6 +31,7 @@ func main() {
 Password: "examplePassword2",
 UserAgent: "myBot (Go)",
 SessionFilePath: "myapps_session_2.json",
+ SecretKey: []byte("Secretkey to encrypt myapps sessionkeys on local disk"),
 Debug: true,
 })
@@ -40,6 +42,7 @@ func main() {
 Password: "examplePassword3",
 UserAgent: "myApps (Go)",
 SessionFilePath: "myapps_session_3.json",
+ SecretKey: []byte("Secretkey to encrypt myapps sessionkeys on local disk"),
 Debug: true,
 })
diff --git a/examples/singleuser/example.go b/examples/singleuser/example.go
index 9c6d5af..46b69ca 100644
--- a/examples/singleuser/example.go
+++ b/examples/singleuser/example.go
@@ -17,6 +17,7 @@ func main() {
 InsecureSkipVerify: true,
 UserAgent: "myApps Go client",
 SessionFilePath: "myapps_session.json",
+ SecretKey: []byte("Secretkey to encrypt myapps sessionkeys on local disk"),
 Debug: true,
 }
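Review bot: The SecretKey that protects the session file is a string literal in the example source, in all three Config literals of examples/multiuser/example.go and again in the examples/singleuser/example.go hunk, so anyone who copies the example keeps the key next to the file it encrypts. The examples would be safer to imitate if the key were read at runtime, for instance `SecretKey: []byte(os.Getenv("MYAPPS_SECRET_KEY")),` (the variable name is a placeholder, and the `os` import it needs is outside the hunks). The three multiuser sessions also share one key while the README hunks use a different key per session; whichever is intended should be shown consistently. main's body continues outside the hunks.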