Password protect / lock folder / Encryption at rest

Rather than insisting that a plain text application add something out of scope, why not use one of the many note taking applications that do offer encryption?

Here’s a list of alternates which are all open source as well (unlike Obsidian; a big benefit if you’re talking about encrypted notes):

https://www.privacytools.io/encrypted-notebooks

However, in your comment you’re not really talking about encrypting the notes, you’re more talking about having a password to just open the app.

So you could use a tool for Windows or Mac that puts a password lock on any application.

Here’s an example for Windows: https://www.gilisoft.com/product-exe-lock.htm

I use this plug-in for sensitive notes, it works very well:
obsidian://show-plugin?id=meld-encrypt

2 Likes

Something to note, TiddlyWiki 5 uses the Stanford JavaScript Crypto Library (SJCL) to allow encryption of the entire .html or individual pages (tiddlers) using AES 128 (128 default, but can be and planned to be made AES 256) using a bit of JavaScript.

Is this something that can be done in Obsidian?

The plugin allowing for encryption and decryption unfortunately does not use the live preview of the formatted text last I tried it.

One key aspect nobody has mentioned so far but is perhaps the most important factor in this, is that using Cryptomator or Veracrypt to encrypt vaults is a futile endeavor because the full, plain text content of every note is still stored in the indexed .txt files in Appdata->Roaming->Obsidian.

So even if you encrypt the vault, once you de-crypt it and open it with Obsidian, all those plain text, human readable contents are stored in Appdata, even if you then un-mount the encrypted veracrypt/cryptomator container.

So this is not a viable solution to the most popular pain points articulated in the comments:

I want to have my notes on my job’s laptop without anybody being able to look at them.

I want to use this for creative writing and journaling, and I don’t want just anyone to open or see my files or the program and be able to read confidential material. So far this is my largest hurdle to adoption.

Perhaps I didn’t mention it in this thread, but I did in another thread:
Yes, you should disable the file recovery plugin (that’s the one that keeps the copies of your notes for recovery purposes).

There is still some metadata that is stored in obsidian to make it work fast (note names, links). If you want to protect that too, you need to also put in the veracrypt vault the obsidian “roaming” directory.

Thank you for chiming in.

I tried via multiple ways to move the appdata->roaming->obsidian folder into an encrypted container in both VeraCrypt and Cryptomator, but Obsidian simply remakes it in Appdata.

What worked is removing access privileges to the “IndexedDB” folder (Properties->Security->Advanced->Disable inheritance), that way Obsidian can’t create the .log file there which contains the data you mentioned. I checked all other folders and files, and that one .log file seems to be the only one that stores data from the vault.

I don’t think that’s gonna make obsidian work properly. It’s better if you move the roaming directory in the veracrypt vault and leave a link/junction to the new location in the old place.

1 Like
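One way to check where note content ends up outside the vault, as discussed in the posts above: put a unique marker string in a test note, use the app, then search the application data directory for that marker. This is an added example and not part of any post in the thread; the directory layout in `demo()` and the marker value are constructed, and the UTF-8/UTF-16LE encodings searched are an assumption about how the text may sit on disk.

```python
import sys
import tempfile
from pathlib import Path

def find_canary(root, canary, chunk_size=1 << 20):
    """Return sorted (relative_path, encoding) pairs for files under root that
    contain the canary string as raw bytes."""
    # Assumption: text may sit on disk as UTF-8 or as UTF-16LE.
    patterns = {"utf-8": canary.encode("utf-8"),
                "utf-16le": canary.encode("utf-16-le")}
    overlap = max(len(p) for p in patterns.values()) - 1
    root, hits = Path(root), set()
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            with open(path, "rb") as fh:
                tail = b""
                while chunk := fh.read(chunk_size):
                    window = tail + chunk
                    for name, pat in patterns.items():
                        if pat in window:
                            hits.add((path.relative_to(root).as_posix(), name))
                    # Keep the end of this window so a match split across reads is found.
                    tail = window[-overlap:] if overlap else b""
        except OSError:
            continue  # locked or unreadable file: skip it
    return sorted(hits)

def demo():
    """Constructed directory tree standing in for an application data folder."""
    canary = "CANARY-7f3a-constructed"
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp, "IndexedDB", "example.leveldb")  # hypothetical layout
        db.mkdir(parents=True)
        (db / "000003.log").write_bytes(b"\x00hdr" + canary.encode("utf-16-le"))
        Path(tmp, "recovery.json").write_text('{"data": "%s"}' % canary, encoding="utf-8")
        Path(tmp, "settings.json").write_text('{"theme": "dark"}', encoding="utf-8")
        return find_canary(tmp, canary, chunk_size=16)

if __name__ == "__main__":
    # Usage: python find_canary.py <app-data-dir> <canary>; with no arguments, run the demo.
    result = find_canary(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for rel, enc in result:
        print(f"{enc:9} {rel}")
```

An empty result is not proof that nothing is stored there, since compressed or differently encoded data would not match a raw byte search.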

Thanks for that useful info. I’m also interested in this topic.

So, if I were to set up a symbolic link to the roaming directory, pointing at the VeraCrypt drive, that would handle the issue with index files. Is it also possible to do this for the file recovery plugin?

I’m using windows here.
Thanks!

But I don’t understand what you mean by specifying the .md type? You can encrypt everything with e.g., RSA, and if it’s a folder or multiple files you simply archive it and then encrypt it (works for every OS). Whether Obsidian is a text editor or not should have nothing to do with vault encryption because the functionality doesn’t relate to the encryption method. I don’t see it as complex: you simply create a batch file to decrypt a password-protected 7z archive with the Obsidian notes after giving the password to the console, and afterwards launch Obsidian (automatically). Super safe and easy (7z uses AES), and just a single click + password entry, no more effort.
You can also use VeraCrypt (and also automate via batch) but this may be overkill and takes more effort. 7z should be alright, fast and easy to use.
I don’t see the problem

You can’t imagine how often I hear that phrase from people who will not implement feature which is addressed to people who will implement feature :slight_smile:

I agree, that it might be done.
I agree that it might not be as complex as I mentioned before. But I can still see a lot of moving parts (how the app should behave when it can’t encrypt, if there is no right to the folder, no space left, what if the file was broken, what if the file is locked, a lot of things to think about for the user).

I believe that each layer of abstraction or end-user simplification adds layers of complexity for maintaining, debugging, user support, feature extension and increases production cost for a developer.

Anyway, if it were the team’s focus, I think we would already have at least some kind of feature prototype.
As I don’t see the feature in Obsidian, I tried to help people achieve their goals using other tools like VeraCrypt.

Hi all, I would go further and argue that Microsoft OneNote has the drop on Obsidian - even though OneNote is old and has been beaten up by the UGLY STICK big time! - for offering password encryption, automatic AFK password locking, AND the ability to share Sections with friends via another password that does not unlock your whole OneNote app for them to read!

I really want AFK. While at lunch, I often read the notes on my phone. A tag-team of 2 thieves might get it one day. “Hey mate - what’s that you’re eating there? Looks good!” and BOOM! The other guy has my phone while it’s open and my NOTES APP is open as well!

At least with AFK password locking by the time they get somewhere quiet to investigate - hopefully my app has locked! I’m close to deciding on Obsidian - but Upnote already has password & AFK in place - even if their servers are on Firebase and do not technically get encrypted. Why can’t all the good things be in the one app? (It also lacks sharing Sections with visitors. One password for the entire app - not multiple for different Sections.)

With the amount of ID theft and scams going on in the world - I would have thought this level of security would be standard by now?