What is your threat model? That will determine the best answer.
The easiest thing is to use OS-level encryption.
Cheers,Greg