#6

I’m also looking for something like this. I want to use this for creative writing and journaling, and I don’t want just anyone to open or see my files or the program and be able to read confidential material. So far this is my largest hurdle to adoption.

4 Likes
#7

The most secure encryption option is one that’s independent, with strong arguments for open source (though I’m aware of counter arguments). It’s a specialised field and it’s best to have specialist software. Then you never have to worry about whether it has been implemented properly or updated against the most recent threats.

4 Likes
#8

Hey there, what about simply hide the folder that contains your md files and add the option to Obsidian to enter with PASS (without encrypting anything). This could be a possible plugin, isn’t it?

#9

Local files is one reason why I love Obsidian!

Personally, I prefer simpler solutions. Adding a password protect adds more complexity to Obsidian.

I password protect my computer when I walk away form it. That’s good enough for me.

If I wanted to have more security on my mac I would create an AES-256 encrypted sparse bundle.

If I really wanted to go for it and feel like a secret agent, I would put a sparse bundle on a memory stick or hard drive and keep it in a physical vault!

2 Likes
#10

Instead of inventing a new solution, it would be great of Obsidian could use a standard tool like gpg. Or maybe it could be more customizable by allowing options for “encrypt file” / “decrypt file” where the contents of a file are passed through an external program before being displayed or written to disk.

Emacs and org-mode do a great job (imo) of allowing encrypted notes using gpg. You can encrypt specific parts of a note, or you can encrypt the entire file with gpg and emacs opens it transparently.

vim can also be used to transparently decrypt and edit .gpg files.

2 Likes
#11

Implementing something like this in a text editor is not so simple. I would recommend using protections available on the computer/device you use to interact with Obsidian (drive encryption, authentication mechanisms, etc.). If you keep your device locked when you are away or not using it, then your Obsidian data is still protected.

1 Like
#12

Would be good if we had the ability to lock a Vault with a Password or Pin. E2EE would be nice too like with StandardNotes.org

5 Likes
#13

How could you do this when all the contents of the vault are just files available to any program?

Presumably it would have to be the same as an encryption program working on the folder before and after use.

In which case, why not just use one?

I suppose any syncing program might take a bit of watching, but that could be an issue either way.

1 Like
#14

I understand the issue and it may not make sense but a simple pin would help keep at least the application from being accessible even so your files are local.

At the moment, if I store any sensitive info, I store my Vault in a Cryptomator.org Drive locally.

1 Like
#15

In Evernote you can encrypt a line or paragraph in a note. I wanted that in Obsidian but didn’t want to ask the team to do encryption when they’re doing so many other wonders for us users.

I went searching… found a lot of solutions to make a text note (*.md) more ‘secure’. I liked Eclipse v0.25 (free, there are many others). Where/when ever I store sensitive info in a note:
User name
password
for example:
-----BEGIN MYSECRET-----
TVn8AM7RV14wYlXQhKGgNeFaHIo+uNpFYO+1jRJ62f6On6aicBFvdzzVeFXp
CJ1qCQT7YKXGgEhgE1m4q3eNHY0U2Ry8KsVBfd7t22uoDMDEZDzUexwAubgf
6fs=
-----END MYSECRET-----
↑=↓
user name
password

Highlight sensitive info… use a hotkey to engage Eclipse v0.25 from tray & then w/pin I can quickly enter on Numpad - I can encrypt or decrypt.

Obsidian only works in edit mode. Makes it secure from all programs & I can use Eclipse in any program that manipulates text… Typora, VS Code, Libra Office… for example to access the info again.

I like this better than encrypting the whole directory, but could probably do the directory thing with veracrypt or 7zip and a batch file or AHK script.

6 Likes
#16

Different possible use cases, but given the nature of Obsidian I second what @bscott highlighted. Going down the path of full lock and encrypt would introduce limitations that are taking away from the flexibility of plain text storage. There are plenty of tools to protect data. The ask here is maybe simply the ability to hide folders from prying eyes. :sunglasses:

#17

I’m not a fan of vault-wide encryption because of the plain text issues mentioned above, and think that this is going beyond what i expect of a plain text editor. But I think selection of text within files and encryption of parts would be excellent plug-in territory?

I would fear that the extra processing vault-wide would make the built in searching / unlinked mentions etc. very slow.

1 Like
#18

In my opinion a vault wide enrcryption makes a lot of sense.
There is software out there which could encrypt an OS folders like veracrypt, … but an encryption just on the OS folder level is not enough in my opinion. It adds a lot of security if the decryption only happens in the obsidian software and not in the OS file system.

  1. A possible Hacker could only read the encrypted text files. He would have to read the ram to get to the decrypted file or the encryption key which costs time and a lot of ressources to do. And could only happen while you have opened that vault in Obsidian.

  2. Sync Software (like Google Drive, One Drive, …) would only see the encrypted files. Decryption only happens in Obsidian. If the files are decrypted through a third party software like veracrypt the whole folder would have to be resynced.

It is best to always assume that your computer system is potentially compromised. Having plain Text is the worst situation in that case. Its like with your house or flat. A good door lock does not prevent a burglar from breaking the window and simply entering your house. But do you leave your front door open when you leave the house because of that? Or do you use the cheapest lock for your front door that can be cracked by any burglar in seconds? It’s total nonsense, reckless and stupid to do something like that.

Sometimes it’s more about minimizing the chances of unauthorized access than completely excluding it. That’s how I see it with a native encryption of Vault’s inside Obsidian.

I think that encryption is not optional but mandatory because we are talking about a kind of second brain where sensitive information can be stored like passwords, credit card information, company information, your next business ideas …

2 Likes
#19

From a security point of view, these should should not be in a file with other notes, nor should they be part of a general cloud backup. (Though there’s no reason they couldn’t be in a vault of their own that receives special treatment. )

There are inherent weaknesses in programs adding encryption - developers are unlikely to be encryption experts, and it can give users a false sense of security. If someone has access to your system, all programs used frequently will be vulnerable. A degree of password protection is a different thing.

Most people can encrypt their hard drives, and many their whole computer. Data that needs securing is best hidden as well as encrypted. Data that doesn’t need securing is best accessed easily to reduce the number of times any password is entered (there always being a risk of it being read then if a system is compromised) and to reduce the risk of from everything being unlocked to get at files that didn’t need to be locked in the first place. If it’s too inconvenient, users won’t use it or will circumvent it as best they can.

1 Like
#20

I can understand that. My thought was also more in the direction that encryption as a function in Obsidian should be available in any case. But the use of encryption can be optional and depends on the purpose of use.

Today there are very good open-source libraries for encryption. A developer does not have to understand every detail about a PGP or AES256 encryption to use it. As long as one uses best-practice there should not be that big of a problem. Is it as good, as made by an encryption expert? Probably not but at least it gives a bit more security. Like you said:

And combined with other measures, secure OS Password, HDD/SSD Encryption, … it could contribute to the overall security of one’s digital information.

By the way, passwords and encryption in itself are useless if you consider the possibility of a “wrench attack” ;-). Nevertheless, it is better to have an encryption than none at all!

I myself use a well-known note-taking app for my business information and I would like to switch fully to Obsidian. But without encryption, I will not do that and I will only use Obsidian for superficial information.

1 Like
#21

The problem is that the way it is integrated can open an attack vector. It’s just as easy for users to apply the encryption themselves.

You could have your business information on a separate encrypted SSD, and only attach it to the computer when you were using that data (extra layer of safety because even the encrypted files aren’t available to the system). You could even further encrypt the Obsidian folders. More protection than you have now without any encryption in Obsidian itself.

1 Like
#22

Yes, but the moment I decrypt the folders, they are readable in plain text by everyone else who has access to my file system. The only way to prevent this would be to decrypt the data exclusively in RAM. Which again only makes sense in case Obsidian does the decryption itself.
By the way, I am more or less a workaholic, the decrypted SSD would be connected to the system all day long.

#23

All Obsidian’s features require the whole vault to be decrypted - search, links, graph - and the simultaneous use with other programs only works because the files are open.

afaics, what you’re looking for can only be offered with a database solution.

1 Like
#24

Yes, you are right. In that case, I think it is just not possible.
Maybe encryption of certain lines and paragraphs inside Obsidian would be a possibility.

#25

I think if you need encrypt folder or more, then it is not for Obsidian at all. It is for encrypted filesystem and so on.

But encrypt one note in RAM-only is very concrete task. Case “this one page contains very very private data and vault contains neutral or public data” is not as useless as you can see. And search with encrypted data and public data both - what for?