Hey everyone! :)

I am currently looking to replace Obsidian with a self-hostable alternative (that preferably also uses Markdown - but it’s not a must) but instead of storing the files directly on disk has a way to have all the files within in an encrypted vault / binary format.

Reason being I have very very sensitive data that needs to be stored (employee & medically related).

I read that Logseq used to support this feature but it has since been deprecated, some light googling didn’t surface any results other than that so I would be delighted if anyone had any suggestions!

Thanks so much in advance for any and all help! :)

edit: Forgot to mention that it needs to support Linux as well as Android

  • HamalaKarris@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    In my mind at least this would be solved by the “vault” needing to be decrypted with a password every time notes are accessed/saved with the password acting as the key? I’m not terribly well educated on encryption though.

    • Aurelian@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      The problem is how many random characters can you remember in your head?

      A good encryption key would be around 32 characters to form a 256 bit encryption key.

      You can do a fun game of encrypt the encryption key with a password but that’s just another vulnerability in the chain.

      I recommend getting a PGP key stored on a yubikey and then encrypt all your notes with it since it’s all in markdown, I store my notes on Google drive and keep them decrypted in memory so that I can still use Obsidian.

      • DaGeek247@fedia.io
        link
        fedilink
        arrow-up
        7
        ·
        2 months ago

        Or just use a password manager like keepass where the problem of storing passwords has been solved already…

        • Aurelian@lemmy.ml
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          2 months ago

          As long as you protect that password store with a sufficiently strong password that you store in a password manager that has a sufficiently strong password :P

          I joke but yes some sort of password store is what you would use but make sure that password store needs something like a yubikey with a strong private key on it ⁠_⁠

    • mark@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      if you want to type the key yourself each time this could work. I’m not aware of an app that does this but it wouldn’t be too hard I don’t think.