Password protect / lock folder / Encryption at rest

Absolutely what I need. Thank you so much. I just need a simple solution to avoid prying eyes from non-tech people without having to encrypt/decrypt files.

Is this the sort of thing you're looking for? obsidian://show-plugin?id=OA-file-hider

That's a really simple and nice way of using Obsidian. I've never thought of making a "physical" vault.

A core plugin would be good. There are so many users like myself: I use 3 company laptops that I got from the company, so I don't want anybody to access my personal files.

There can be 2 ways:

  1. Lock Files inside the vault.
  2. Lock the whole vault itself along with files.
2 Likes

Can you describe a possible workflow for using an encryption tool like Cryptomator on notes you want to access from Obsidian? I'm unfamiliar with using Cryptomator and using encryption tools in general (although I understand the principles).

1 Decrypt Obsidian's folder
2 Open the vault in Obsidian
3 Use Obsidian
4 Close the vault
5 Encrypt the folder

It's actually smooth and fast

2 Likes

Thank you! Seems simple enough if you don't need mobile access to encrypted folders.

Cryptomator works on mobile too

Oh snap! Let's go! Wait. I don't have Obsidian Sync yet. With that, are folders accessible to other apps?

Thanks for sharing. Would this at all affect the ability to use Obsidian Sync? For both desktop and mobile?

I don't use Sync, but a folder is a folder.
Works fine on cloud drives.
No idea about iOS. There is an iOS version.

Yes, it would affect any sync process that was caught half done. I would expect Sync to be particularly vulnerable, but I don't actually know.

I rarely use even my Android versions now, so I'd defer to anyone who's actively using it.
I've seen it mentioned more on the Discord than the forum.

Actually maybe it would be alright. Once the folder is encrypted it's unavailable to sync. But becomes available again when decrypted. But no background sync would be possible.

2 Likes

step 4 is unnecessary

So, 3 years passed and still no solution found as I see.

We have lock screen on a smartphone (Password protect / lock folder / Encryption at rest - #35)
But you can have Norton App Lock, that could add one more layer to your Device lock and Apps lock.
So, 4 at max.
(Btw for Windows there's something old, like Game Protector, that could very lightly password protect any file you want from direct execution)

But do they protect your .md files?
No.

Cloud services are about saving, but not protecting, your files - as you can't work directly from the cloud, files are supposed to be downloaded for local access. That makes them vulnerable locally (in addition to the cloud vulnerability itself).

And while on PC it's an easily solvable thing with a huge amount of encryption software, on Android there's nothing I could find.
And the problem is - there are just a few apps that can work on any platform. And none of them can integrate with Obsidian, as it somehow magically can't see any cloud drives or mounted decrypted containers. And you need to put them somewhere for local access, again.

And while EDS for VeraCrypt (https://sovworks.com) has an option to "delete and fill space with random data", it can't save new files, only changes to those already existing in its container. You have to manually put it inside from a place where it won't be covered with random data.

Which makes using a smartphone for notes senseless. You have to sync your notes roughly by retyping them by hand to the PC from some other encryption-protected app.

With Meld-crypt addon nothing seriously changes, as it encrypts only notes, but nothing else. I have very sensitive canvas files for example.

Hiding folders is infantile - anyone from any file explorer could simply find last changed files in seconds (learned that in the MS-DOS era). And while all possible app or phone locks are on, your files lie open to every app you gave permission to storage and internet.

The only additional layer that I found (and I really don't know if it really makes any difference) is a virtual machine (not a parallel/second space using a "work" profile). With a powerful device you could always keep one on (adding another amount of screen locks if you want) with the Obsidian vault open.

But after so much time spent on finding a simple and obvious (and basic for the 21st century) solution I'm already starting to lose my mind.

2 Likes

Hello guys. This thread is so old I don't know if anyone is following it anymore. I came here looking for something else.

If you use a Mac you don't need additional software. I have a solution you can also use with other folders on your Mac, but it only works on Macs. I didn't read the whole thread, so if it is already posted, I'm sorry.

What I did was to use Disk Utility to encrypt the Obsidian folders I wanted to keep secret; you can encrypt the whole vault too. If I want to read or write there I have to type my password. I sync with iCloud, but if you don't sync it's going to be extremely simple for you. A .dmg file will be created, so you can move it wherever you want and back it up.

1. Close Obsidian.
2. Back up Obsidian.
3. Seriously, do a backup copy of the vault.
4. Go to Disk Utility > File > New Image
5. Here you can create a blank image if you want to create an empty folder to save other secret documents too; if you don't, skip.
6. Image from folder > select the entire vault or just the folder to keep secret > choose 256-bit encryption > type your password and that's it. Please note you just created an encrypted image, but your folders are still in place; you will have to move them, delete them, whatever you want.
7. If you encrypted the entire vault, and you are not using iCloud to sync, you are finished. Now every time you want to open Obsidian you first have to double click the .dmg file, type your password, and your vault will be in the new disk that appears in your Finder. Now just open it from Obsidian. The first time it will load, the next times it will work as always. If you forget to decrypt or encrypt, don't worry, the Obsidian developers did a pretty neat job detecting missing files and it will show you an error. Just decrypt and you'll see everything again.

If you just encrypted one single folder and you are syncing using iCloud, I will give you the steps from here, but know that you will have to know how to use the terminal and create symlinks:

8. Because the folder, once it is decrypted, appears in a new disk mounted in /Volumes, outside your main vault, Obsidian is not going to see it. So you need to create a symlink from the vault to /Volumes/your-folder-name…
  1. First rename the original folder or move it out from the vault.

  2. Now you have to use this next command from the terminal while inside the vault directory:
    sudo ln -s /Volumes/your-folder-name ./your-folder-name
    And that's all for you. Remember to do this for each folder you want.

  3. If you are using iCloud your vault will be in /Users/YOUR-COMP-USER/Library/Mobile Documents/iCloud~md~obsidian/Documents/YOUR.obVault; you have to execute step 8 from that directory.

I know that non-techies will find it hard from 7, but if you look for any guide on Google about ln -s in Mac terminals you will see it is pretty straightforward. You still have the option to create the Blank Image and drop anything you want there. Then move it to the vault every time you want to use it.

When using ln -s remember to use "sudo"; you need to execute it as root. It will ask for your Mac password. If you don't, it will say you don't have enough benjamins. :)

Hope it helps.

1 Like
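
The folder-linking step from the macOS post above, as an added example that is not part of the original post: a shell helper that refuses to link while the image is unmounted or while an unencrypted folder of the same name is still inside the vault, and that lists links left dangling once the image is ejected. The function names and the paths passed to them are assumptions for illustration; it runs as the user who owns the vault.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical;
# VOLUME_DIR and VAULT_DIR are caller-supplied absolute paths.

# link_encrypted_folder VOLUME_DIR VAULT_DIR
# Returns 0 on success, 2 if the image is not mounted, 3 if a plaintext
# folder with the same name is still sitting inside the vault.
link_encrypted_folder() {
  local volume="${1%/}" vault="${2%/}"
  local name link
  name="$(basename "$volume")"
  link="$vault/$name"

  # The encrypted image has to be mounted (password entered) first.
  if [ ! -d "$volume" ]; then
    echo "not mounted: $volume" >&2
    return 2
  fi

  # Creating the image leaves the original folder in place. If a real
  # directory is still here, the notes are still stored unencrypted.
  if [ -e "$link" ] && [ ! -L "$link" ]; then
    echo "plaintext copy still in vault: $link" >&2
    return 3
  fi

  # Replace a stale or dangling link, then point the vault at the volume.
  rm -f "$link"
  ln -s "$volume" "$link"
}

# dangling_links VAULT_DIR
# Prints the names of vault symlinks whose target is missing, which is
# what a linked folder looks like while its image is ejected.
dangling_links() {
  local vault="${1%/}" entry
  for entry in "$vault"/*; do
    if [ -L "$entry" ] && [ ! -e "$entry" ]; then
      basename "$entry"
    fi
  done
}
```
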

Hey guys, I know this forum's very old now, but there's a nice plugin that does what some of you guys ask for. It doesn't do like file encryption, but it conceals the vault via a pretty UI overlay. I think it's currently in development so might have encryption soon? Here's the link: GitHub - uthvah/locksidian: This is a simple Obsidian plugin that adds a simple password screen on app boot. This plugin does not add local file protection.

Hi,

Didn't find it, but it would be cool to password protect a note or folder, or lock it somehow so that it is available only after entering a pass.

45 Likes

Live Encryption

I understand that using Obsidian Sync, data is encrypted in transit (unencrypted locally, encrypted before, during and whilst in the cloud). It would be awesome to have live encryption, similar to competitors like Joplin, where a key manager is implemented to live encrypt and decrypt files during use and at rest. This would be hugely beneficial for people with stricter threat models. This would protect data from prying eyes who have a foothold on the host system (other local admins, corporate IT, bad actors). This would put the user in responsibility of managing their encryption keys and, by effect, this would provide a higher level of trust that no parties upstream can access the data.

The goal would be to create a system designed to defeat any attempts of surveillance or tampering as no third party can decipher the data being communicated or stored.

Proposed Solution

I propose that every Obsidian Client has an added menu item in the options listed as 'Live Encryption'. The users will have the ability to enable or disable encryption on their vaults. It would then prompt the user to create an encryption key and choose which cipher to utilise. The user will use this key on every other Obsidian client to then decrypt their notes. This may be a manual method at first, where the user must enter the decryption key on every client device configured. Potentially in the future we may be able to bind encryption keys to user accounts, similar to privacy respecting services like ProtonMail.
This would require key management tools being built into every client which I completely understand is cumbersome, however it would be greatly beneficial in regards to digital security and privacy.

Current Workarounds

Currently, users of Obsidian with stricter threat models rely on Veracrypt and other encryption tools to secure the Obsidian Local Files. This is only truly viable on a locally hosted instance and does not scale well into mobile operating systems. This has pushed some users to competitors who offer live-encryption on clients both desktop and mobile.

Thank you for your time!
-MaverickMidori

8 Likes

I want to add a side note here. Modern smartphones store user data in encrypted format with a key that is unlocked by your fingerprint/password/passcode/faceid/whatever you use. It's a form of transparent hardware encryption. Similarly, on Windows you could use something like Bitlocker. I am sure there is something similar on Mac.

Long story short: If you want, you can already have live encryption capabilities at rest using your OS.

2 Likes

Also could be a plugin idea?

1 Like