Run entire Vault from a single encrypted Zip file

Use case or problem

Individual .md files can be searched by the OS. Obsidian shouldn’t be a secure platform as it could take away from the open markdown standards and etc. But having the entire vault in a single, lightly encrypted Zip file would do wonders for privacy. It could be a simple 4 or 6 digit PIN to keep the encryption/decryption performance penalty low.

Proposed solution

A plugin that can open a zipped vault folder and prompt for the Zip password at startup.

Current workaround (optional)

There’s no option for privacy.

Related feature requests (optional)

Some other requests, but nothing is as simple or elegant as a lightly encrypted zip file.

I’ve used VeraCrypy to create a secure mini virtual drive where I stored a secret Obsidian vault.

So basically I start VC, decrypt that drive with a password, open Obsidian and click on the vault which will still be listed there but will only be accessible when the VC drive is available. Simple, fast, super-secure.

1 Like

There are ways to make it secure, but they run into other problems. For example, they’re impractical, they’ve got other vulnerabilities, they get in Obsidian’s way, they take away the freedom that using plain text files gives us, etc. In using something like VeraCrypt, your data is still exposed to the system when it’s been decrypted. One example is an infection that sends data to your address book. Suddenly a client has my pricing sheet with markups or my child’s therapy notes.

The issue is really about privacy, not security. Keeping the data from being searched in the system or so easily accessible to every other running process on the machine is the real goal.

I think a Zip file with light encryption solves every privacy concern using well-known standards while perfectly preserving the local-first non-proprietary nature of Obsidian.

Zip files are temporarily decompressed on the computer’s drive while you work on them (and possibly in the computer’s memory, too), which are still easily accessible to any running process…

If Obsidian had a native encryption system in place, that would probably make things harder to bypass.

Possibly running Obsidian in a virtual machine (or maybe a container like Docker) would achieve your goal of sandboxing your vault from everything else on your PC.