"easily transferred secret key" is an oxymoron, because the main purpose of the secret key is to be, well, impossible to guess or copy. that's why i'd recommend to generate the unique secret key on every user device and use them to encode your data stored on that particular device (and nowhere else).
when you transfer the data, you may ask the user to create the password, and encrypt transferred data with that password. and ask the user to enter the same password on the receiving device in order to decrypt the transfer and encrypt back again, but using the unique device key.