Encryption of files within ASAR - Where is the mount point?



We’ve been looking for a way to protect the packaged ASAR from cursory inspection (with asar -extract) and wanted to encrypt files within it before packaging. Obviously modifying and rebuilding Electron is necessary, therefore myself and a colleague have been trawling through source to find the point at which the ASAR package is mounted / read

What we’d like to do is obfuscate and bake the decryption key within the Electron executable itself, then decrypt files within the ASAR when a seek within the ASAR happens.

Can anyone with experience of the source point us to where this might be?
Otherwise provide any other advice?