Hey everyone! :)

I am currently looking to replace Obsidian with a self-hostable alternative (that preferably also uses Markdown - but it’s not a must) but instead of storing the files directly on disk has a way to have all the files within in an encrypted vault / binary format.

Reason being I have very very sensitive data that needs to be stored (employee & medically related).

I read that Logseq used to support this feature but it has since been deprecated, some light googling didn’t surface any results other than that so I would be delighted if anyone had any suggestions!

Thanks so much in advance for any and all help! :)

edit: Forgot to mention that it needs to support Linux as well as Android

  • mark@infosec.pub
    link
    fedilink
    English
    arrow-up
    8
    ·
    edit-2
    2 months ago

    if you’re encrypting at rest you also have to consider where there encryption key is being stored.

    if you’re storing the encryption key plaintext on the same drive as the data, there’s not much of a point in encrypting.

    a TPM/HSM could solve the issue, depending on how far down the rabbit hole you need to go.

    EDIT: You could also encrypt the disk of the VM/Server hosting the app. similar situation.

    • HamalaKarris@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      2 months ago

      In my mind at least this would be solved by the “vault” needing to be decrypted with a password every time notes are accessed/saved with the password acting as the key? I’m not terribly well educated on encryption though.

      • Aurelian@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        The problem is how many random characters can you remember in your head?

        A good encryption key would be around 32 characters to form a 256 bit encryption key.

        You can do a fun game of encrypt the encryption key with a password but that’s just another vulnerability in the chain.

        I recommend getting a PGP key stored on a yubikey and then encrypt all your notes with it since it’s all in markdown, I store my notes on Google drive and keep them decrypted in memory so that I can still use Obsidian.

        • DaGeek247@fedia.io
          link
          fedilink
          arrow-up
          7
          ·
          2 months ago

          Or just use a password manager like keepass where the problem of storing passwords has been solved already…

          • Aurelian@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 months ago

            As long as you protect that password store with a sufficiently strong password that you store in a password manager that has a sufficiently strong password :P

            I joke but yes some sort of password store is what you would use but make sure that password store needs something like a yubikey with a strong private key on it ⁠_⁠

      • mark@infosec.pub
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 months ago

        if you want to type the key yourself each time this could work. I’m not aware of an app that does this but it wouldn’t be too hard I don’t think.