I’m working on a snap that will need encrypted files supplied as after the snap is installed, (e.g. the encrypted files are not part of the snap). Those encrypted files should be located in a keystore-path.
The snap runs a service, which needs a password + the files located in the keystore-path to start. The password lives in a password-file
In fact $HOME/snap/<snapname>/current is the snaps home, all snaps can access this via the $SNAP_USER_DATA variable and $HOME will by default point to this directory at runtime. current is a symlink to a versioned directory, so that if you roll back and forth your snap revision (using snap revert and snap refresh), your $HOME will always find the exact data for the particular version.
Equivalently $SNAP_USER_COMMON points to $HOME/snap/<snapname>/common which is unversioned and should hold payload data of your snap that you do not want duplicated by version.
/var/snap/<snapname>/current and /var/snap/<snapname>/common are the system level equivalents to this (but only root writable since they live in /var where normal users can not write) and can be accessed through the $SNAP_DATA and $SNAP_COMMON variables.