[Security] Vault contents exposed outside the vault's directory

Hello everyone! :wave: I’m very much enjoying using Obsidian :tada: However, I have a couple of questions about data security.

I initially assumed that all vault content would be stored only within the vault’s directory, but after reading “How Obsidian stores data”, I started investigating the data stored within the Obsidian system directory. From what I’ve found so far, it looks like at least two kinds of vault content are exposed within this directory, specifically within the IndexedDB databases:

  1. Within the {VAULTID}-cache database, the file table exposes the names and paths of the files within the vault (Markdown files, images, etc), and the metadata table exposes the headings/tags/etc used by the Markdown documents within the vault.
  2. If the File Recovery core plugin is enabled (and I believe it’s enabled by default), then the {VAULTID}-backup database stores the snapshots of the Markdown documents.

For Obsidian vaults containing sensitive content, I place them inside macOS encrypted disk images, making the assumption that this was sufficient to keep all the data encrypted, but now I realise that data is being exposed in files outside these encrypted disk images, via the IndexedDB databases :warning:

So I have a couple of questions:

  1. Apart from the IndexedDB databases, are there any other files outside the vault’s directory which expose the vault’s contents in any way?
  2. I’m wondering whether the Obsidian dev team could consider storing the IndexedDB databases within the vault directory? For example, at /.obsidian/indexeddb/ or another suitable location within the vault’s /.obsidian/ directory. In this way, if the vault is placed within an encrypted disk image, then no vault-specific content will be exposed unencrypted outside it (assuming there are no other files outside the vault’s directory which expose the vault’s contents). I think this would be a big improvement from a security perspective, for anyone who uses Obsidian to store sensitive content.

Many thanks in advance to anyone who can assist me with these questions :pray:

2 Likes

It’s not that simple to move indexeddb to the vault location, especially if you have multiple vaults.

Another reason why some data was moved from an in vault file to out of vault IndexedDB is compatibility with third party sync apps.
If you keep these cache and data structure files in vault and run a third party sync solution you are guaranteed to generate file conflicts and/or break stuff (search bug reports of mid 2020).

A trivial thing that you can try is to symlink the obsidian’s system directory so that it physically resides in your encrypted drive (but not in the vault directory).

If this level of security is important to you, you should be afraid of third party plugins and of obsidian itself exfiltrating your data.

My advice is to look not just into encrypted disk images but whole app container systems (like docker).

2 Likes