Do you envisage creating a tool to directly generate the keychain.json file? My purpose is to avoid giving out passwords for shared data. With Active Directory and GPO/logon scripts, my selected users could generate this file (with an encrypted password) with a tool, and Cryptomator would automatically open shared, encrypted data. A combination of an encrypted file to get the password, the ID of directories and the path to data would secure this usage.
The keychain.json file is currently generated when using the save password functionality on Windows systems. To our knowledge this file cannot be generated on another system. We use the function CryptProtectData, which uses symmetric encryption and thus cannot be run on behalf of another user. This file must be generated by each authorized user, and thus transfer of the password is currently required.
If you know some way of encrypting some data with the Windows API using asymmetric encryption for a specific user, this may be an option for the future.
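
The per-user binding described in the reply above, as an added PowerShell example that is not Cryptomator's code: it calls the .NET `ProtectedData` wrapper around `CryptProtectData` with `CurrentUser` scope. The function names and the sample passphrase are constructed for illustration, and the output is a bare Base64 blob, not the keychain.json format.

```powershell
# Added example: DPAPI (CryptProtectData) through the .NET ProtectedData wrapper.
Add-Type -AssemblyName System.Security

function Protect-ForCurrentUser {
    param(
        [Parameter(Mandatory)] [string] $Secret,
        [byte[]] $Entropy = $null   # optional extra secret mixed into the protection
    )
    $plain = [System.Text.Encoding]::UTF8.GetBytes($Secret)
    try {
        # CurrentUser scope ties the blob to the account running this code.
        $blob = [System.Security.Cryptography.ProtectedData]::Protect(
            $plain, $Entropy,
            [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
        return [Convert]::ToBase64String($blob)
    }
    finally {
        [Array]::Clear($plain, 0, $plain.Length)   # wipe the plaintext byte copy
    }
}

function Unprotect-ForCurrentUser {
    param(
        [Parameter(Mandatory)] [string] $Base64Blob,
        [byte[]] $Entropy = $null
    )
    try {
        $plain = [System.Security.Cryptography.ProtectedData]::Unprotect(
            [Convert]::FromBase64String($Base64Blob), $Entropy,
            [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
        return [System.Text.Encoding]::UTF8.GetString($plain)
    }
    catch [System.Security.Cryptography.CryptographicException] {
        # Raised when the blob belongs to another account, the entropy
        # differs, or the blob has been altered.
        Write-Warning "Blob cannot be unprotected in this user context: $($_.Exception.Message)"
        return $null
    }
}

# Constructed sample value, not a real vault passphrase.
$blob = Protect-ForCurrentUser -Secret 'constructed-sample-passphrase'
Unprotect-ForCurrentUser -Base64Blob $blob
```

Copying `$blob` to a session running under a different account and calling `Unprotect-ForCurrentUser` there takes the warning path, which is why the protected file has to be produced inside each authorized user's own session.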