Password protect / lock folder / Encryption at rest

Hi,

Didnt find it but it would be cool to password protect note or folder, or lock it somehow so that is available only after entering pass.

71 Likes

Right now you can use something like VeraCrypt containers where you can store your notes.

Related links:

2 Likes

I will check thisā€¦tnx

But would be cool to protect directly folder in Obsidian.

1 Like

Iā€™m not sure what understand how it should work. All notes are simple .md files. Obsidian in that case work as a text editor which could read your folder. As any other text editor.

But if you want Obsidian to lock your folder in your operating systemā€¦ I think this one will be a complex task (encryption, OS different file systems, backup ways to restore folder).

6 Likes

There are possibly ways to implement that already built-into every platform, but the challenge here is that every platform probably handles this in their own way. So, if Obsidian wanted to allow users to have ā€˜password-protected, encrypted vaultsā€™, theyā€™d probably have to implement their own, cross-platform way of doing it. Not a trivial taskā€¦

2 Likes

Iā€™m also looking for something like this. I want to use this for creative writing and journaling, and I donā€™t want just anyone to open or see my files or the program and be able to read confidential material. So far this is my largest hurdle to adoption.

8 Likes

The most secure encryption option is one thatā€™s independent, with strong arguments for open source (though Iā€™m aware of counter arguments). Itā€™s a specialised field and itā€™s best to have specialist software. Then you never have to worry about whether it has been implemented properly or updated against the most recent threats.

5 Likes

Would be good if we had the ability to lock a Vault with a Password or Pin. E2EE would be nice too like with StandardNotes.org

7 Likes

How could you do this when all the contents of the vault are just files available to any program?

Presumably it would have to be the same as an encryption program working on the folder before and after use.

In which case, why not just use one?

I suppose any syncing program might take a bit of watching, but that could be an issue either way.

1 Like

I understand the issue and it may not make sense but a simple pin would help keep at least the application from being accessible even so your files are local.

At the moment, if I store any sensitive info, I store my Vault in a Cryptomator.org Drive locally.

1 Like

In Evernote you can encrypt a line or paragraph in a note. I wanted that in Obsidian but didnā€™t want to ask the team to do encryption when theyā€™re doing so many other wonders for us users.

I went searchingā€¦ found a lot of solutions to make a text note (*.md) more ā€˜secureā€™. I liked Eclipse v0.25 (free, there are many others). Where/when ever I store sensitive info in a note:
User name
password
for example:
-----BEGIN MYSECRET-----
TVn8AM7RV14wYlXQhKGgNeFaHIo+uNpFYO+1jRJ62f6On6aicBFvdzzVeFXp
CJ1qCQT7YKXGgEhgE1m4q3eNHY0U2Ry8KsVBfd7t22uoDMDEZDzUexwAubgf
6fs=
-----END MYSECRET-----
ā†‘=ā†“
user name
password

Highlight sensitive infoā€¦ use a hotkey to engage Eclipse v0.25 from tray & then w/pin I can quickly enter on Numpad - I can encrypt or decrypt.

Obsidian only works in edit mode. Makes it secure from all programs & I can use Eclipse in any program that manipulates textā€¦ Typora, VS Code, Libra Officeā€¦ for example to access the info again.

I like this better than encrypting the whole directory, but could probably do the directory thing with veracrypt or 7zip and a batch file or AHK script.

7 Likes

Different possible use cases, but given the nature of Obsidian I second what @bscott highlighted. Going down the path of full lock and encrypt would introduce limitations that are taking away from the flexibility of plain text storage. There are plenty of tools to protect data. The ask here is maybe simply the ability to hide folders from prying eyes. :sunglasses:

Iā€™m not a fan of vault-wide encryption because of the plain text issues mentioned above, and think that this is going beyond what i expect of a plain text editor. But I think selection of text within files and encryption of parts would be excellent plug-in territory?

I would fear that the extra processing vault-wide would make the built in searching / unlinked mentions etc. very slow.

1 Like

Hey there, what about simply hide the folder that contains your md files and add the option to Obsidian to enter with PASS (without encrypting anything). This could be a possible plugin, isnā€™t it?

2 Likes

Local files is one reason why I love Obsidian!

Personally, I prefer simpler solutions. Adding a password protect adds more complexity to Obsidian.

I password protect my computer when I walk away form it. Thatā€™s good enough for me.

If I wanted to have more security on my mac I would create an AES-256 encrypted sparse bundle.

If I really wanted to go for it and feel like a secret agent, I would put a sparse bundle on a memory stick or hard drive and keep it in a physical vault!

4 Likes

Instead of inventing a new solution, it would be great of Obsidian could use a standard tool like gpg. Or maybe it could be more customizable by allowing options for ā€œencrypt fileā€ / ā€œdecrypt fileā€ where the contents of a file are passed through an external program before being displayed or written to disk.

Emacs and org-mode do a great job (imo) of allowing encrypted notes using gpg. You can encrypt specific parts of a note, or you can encrypt the entire file with gpg and emacs opens it transparently.

vim can also be used to transparently decrypt and edit .gpg files.

6 Likes

Implementing something like this in a text editor is not so simple. I would recommend using protections available on the computer/device you use to interact with Obsidian (drive encryption, authentication mechanisms, etc.). If you keep your device locked when you are away or not using it, then your Obsidian data is still protected.

1 Like

In my opinion a vault wide enrcryption makes a lot of sense.
There is software out there which could encrypt an OS folders like veracrypt, ā€¦ but an encryption just on the OS folder level is not enough in my opinion. It adds a lot of security if the decryption only happens in the obsidian software and not in the OS file system.

  1. A possible Hacker could only read the encrypted text files. He would have to read the ram to get to the decrypted file or the encryption key which costs time and a lot of ressources to do. And could only happen while you have opened that vault in Obsidian.

  2. Sync Software (like Google Drive, One Drive, ā€¦) would only see the encrypted files. Decryption only happens in Obsidian. If the files are decrypted through a third party software like veracrypt the whole folder would have to be resynced.

It is best to always assume that your computer system is potentially compromised. Having plain Text is the worst situation in that case. Its like with your house or flat. A good door lock does not prevent a burglar from breaking the window and simply entering your house. But do you leave your front door open when you leave the house because of that? Or do you use the cheapest lock for your front door that can be cracked by any burglar in seconds? Itā€™s total nonsense, reckless and stupid to do something like that.

Sometimes itā€™s more about minimizing the chances of unauthorized access than completely excluding it. Thatā€™s how I see it with a native encryption of Vaultā€™s inside Obsidian.

I think that encryption is not optional but mandatory because we are talking about a kind of second brain where sensitive information can be stored like passwords, credit card information, company information, your next business ideas ā€¦

7 Likes

From a security point of view, these should should not be in a file with other notes, nor should they be part of a general cloud backup. (Though thereā€™s no reason they couldnā€™t be in a vault of their own that receives special treatment. )

There are inherent weaknesses in programs adding encryption - developers are unlikely to be encryption experts, and it can give users a false sense of security. If someone has access to your system, all programs used frequently will be vulnerable. A degree of password protection is a different thing.

Most people can encrypt their hard drives, and many their whole computer. Data that needs securing is best hidden as well as encrypted. Data that doesnā€™t need securing is best accessed easily to reduce the number of times any password is entered (there always being a risk of it being read then if a system is compromised) and to reduce the risk of from everything being unlocked to get at files that didnā€™t need to be locked in the first place. If itā€™s too inconvenient, users wonā€™t use it or will circumvent it as best they can.

1 Like

I can understand that. My thought was also more in the direction that encryption as a function in Obsidian should be available in any case. But the use of encryption can be optional and depends on the purpose of use.

Today there are very good open-source libraries for encryption. A developer does not have to understand every detail about a PGP or AES256 encryption to use it. As long as one uses best-practice there should not be that big of a problem. Is it as good, as made by an encryption expert? Probably not but at least it gives a bit more security. Like you said:

And combined with other measures, secure OS Password, HDD/SSD Encryption, ā€¦ it could contribute to the overall security of oneā€™s digital information.

By the way, passwords and encryption in itself are useless if you consider the possibility of a ā€œwrench attackā€ ;-). Nevertheless, it is better to have an encryption than none at all!

I myself use a well-known note-taking app for my business information and I would like to switch fully to Obsidian. But without encryption, I will not do that and I will only use Obsidian for superficial information.

4 Likes