Hey everyone! :)
I am currently looking to replace Obsidian with a self-hostable alternative (that preferably also uses Markdown - but it’s not a must) but instead of storing the files directly on disk has a way to have all the files within in an encrypted vault / binary format.
Reason being I have very very sensitive data that needs to be stored (employee & medically related).
I read that Logseq used to support this feature but it has since been deprecated, some light googling didn’t surface any results other than that so I would be delighted if anyone had any suggestions!
Thanks so much in advance for any and all help! :)
edit: Forgot to mention that it needs to support Linux as well as Android
Joplin can encrypt and it is selfhostable and uses Markdown
Benefit: apps for every platform
After some more research it seems that Joplin only E2E encrypts notes at transport and not at rest[1]? e.g. it only stores plain text files on the harddrive just like Obsidian does? This sadly makes it not viable for my use case :/
They do encryption at rest too. Really good notes app and it’s cross platform too. Only missing a “web” client for when you want to access your notes on a computer without Joplin installed (but that defeats the purpose of the E2EE IMO)
if you’re encrypting at rest you also have to consider where there encryption key is being stored.
if you’re storing the encryption key plaintext on the same drive as the data, there’s not much of a point in encrypting.
a TPM/HSM could solve the issue, depending on how far down the rabbit hole you need to go.
EDIT: You could also encrypt the disk of the VM/Server hosting the app. similar situation.
In my mind at least this would be solved by the “vault” needing to be decrypted with a password every time notes are accessed/saved with the password acting as the key? I’m not terribly well educated on encryption though.
if you want to type the key yourself each time this could work. I’m not aware of an app that does this but it wouldn’t be too hard I don’t think.
Recently I stumbled upon nb
If you are dealing with compliance seek help from a professional
If you are storing manly on one device and are looking for a relatively “simple” solution for encryption at rest I would suggest to just encrypt the folder/directory/image the data are living in.
Of course, this way you have to decrypt the data while you are using it. However, it separates the responsibility from the note taking app.
This may or may not be a good solution for your use case, but it should be fast and easy to implement.
I used to do this with some mildly sensitive data using a mac encrypted disk image with plain markdowns files inside. I accessed the files with vscode, but I don’t see why it wouldn’t work with Obsidian. It may just be a bit of a hassle to open the vault each time.
I think this is the best answer. Separation of concerns and all. And OP can keep using whatever notes app he is right now or even switch to another, without the additional encryption requirement.
You can selfhost Standard Notes. The notes are encrypted client side before they reach the server.
If you like the command line you could consider jrnl
Maybe Anytype? It kind of fits the description. It’s still in beta though.
joplin
