Introduction #
I don’t think I can emphasize enough how awesome plaintext notes are. But there is a positive and a negative thing about it: it is very easy to read them.
So??
Well, if you store, for example, passwords (which you should never store in plaintext, and you already know this, right?) they could be easily retrieved by anyone who has access to your notes.
grep -r "password"
This simple command will search for all files in the current directory and its subdirectories that contain the string “password”. It will then print the file name and line number where the string was found. Okay, it is a stupid example, but think of other sensitive information like credit card numbers, social security numbers, or any other personal data that you don’t want to share with others.
But my notes are only local?
That’s good. But, what happens if you lose your device? Someone got it while it is unlocked? There are many scenarios, which are maybe very unrealistic, but when they happen, it will be shitty. If you have sensitive information about other people, you should consider encrypting your notes because their secrets depend on you.
So enough said, let’s talk about how to encrypt your notes.
User-friendly but still private and secure #
A few days ago, I discovered the Obsidian Age Encryption plugin. I was very interested in it because before that I used Meld Encryption, which didn’t make me happy because the inline encryption was not very user-friendly (it used emoji to mark ciphertext). Besides that, it did not use a standard encryption format, which made it difficult to decrypt the notes outside of Obsidian. I know that there was a script by the developer, but it seemed a bit sketchy.
Installing the plugin is very simple: just search for it in the community plugins and install it. The plugin works on every operating system, even mobile devices. So it is not required to have age installed locally.
A plugin for Obsidian that provides age-based encryption for your notes.
Now you have an encrypted section in your markdown file, which is embedded in a code fence, so the plugin can render it beautifully. If you select some text and open the command palette, you will see a new command called Age Encrypt: Encrypt selection. This will encrypt the selected text and format it as a code fence. You will get prompted to enter a passphrase and an optional hint. Further, the passphrase can be stored (on a file basis) until Obsidian is closed. This way it will get rendered as a grey box but will immediately be decrypted when you click on it.
Here is an example:
# With Secrets
This is nothing secret, just normal markdown
```age
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNjcnlwdCBvc3NWRVVmOHIzUVNzUk9i
aU4xcTJBIDE4Cm5CbXUxS0M2SFhsbncwTFdQM2ZKUG0xbmh1ODBhdjlUY3VVdzhz
WEhLSHcKLS0tIG1mQ1UzUm43NlJtaDFpa3N1NlUxeXlRUlJRTkFyOWplUWd4Z2cr
bFJ5cFUKBxCWCW26165tAzFZDt20T2OJ7QpGRx21+6IzSX+N4nT19OXB3HbG8ae4
RgAS
-----END AGE ENCRYPTED FILE-----
```
## Another Heading
Another piece of information which is not very secret.
The rendered view is:
If you click it, you will be prompted to enter your password:
Further, it is possible to encrypt a whole file, then everything will be inside the code fence.
Decrypt outside of Obsidian #
As you guys maybe remember, in the post about the Unix Philosophy in Note Making, for me it is very important to be able to read, edit, and create notes outside of Obsidian. No software will be there forever and you lock yourself in if all of your personal knowledge depends on a company.
So the reason why I chose this plugin is that age is a very modern but established encryption tool, mostly used for local encryption (so the data is only for you, although it supports recipients too).
The simplest way to decrypt the section is by copying it and using age directly:
echo " -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNjcnlwdCBvc3NWRVVmOHIzUVNzUk9i
aU4xcTJBIDE4Cm5CbXUxS0M2SFhsbncwTFdQM2ZKUG0xbmh1ODBhdjlUY3VVdzhz
WEhLSHcKLS0tIG1mQ1UzUm43NlJtaDFpa3N1NlUxeXlRUlJRTkFyOWplUWd4Z2cr
bFJ5cFUKBxCWCW26165tAzFZDt20T2OJ7QpGRx21+6IzSX+N4nT19OXB3HbG8ae4
RgAS
-----END AGE ENCRYPTED FILE-----" | age -d
This will prompt you to enter your password.
But this is rather a lot of work, so I created a small script to decrypt the section:
#!/bin/bash
# Check if the age command is installed
if ! command -v age &> /dev/null; then
echo "age command could not be found. Please install age."
exit 1
fi
# Check if a file is provided as an argument
if [ -z "$1" ]; then
echo "Usage: $0 <markdown-file>"
exit 1
fi
# Read the markdown file
file="$1"
# Extract the age-encrypted section
encrypted_section=$(awk '/```age/{flag=1; next} /```/{flag=0} flag' "$file")
# Check if an encrypted section was found
if [ -z "$encrypted_section" ]; then
echo "No age-encrypted section found in the file."
exit 1
fi
# Decrypt the section using age
decrypted_text=$(echo "$encrypted_section" | age -d)
# Check if the age command is installed
if command -v glow &> /dev/null; then
# print the formatted text with glow
echo "$decrypted_text" | glow -
else
echo "glow command could not be found. Please install glow."
fi
By calling the script with:
decrypt_note ./some_note.md
The cool thing is that it will search inside this file for the encrypted section and decrypt it the same way. But instead of just echo it will use glow to render it as Markdown in the terminal.
So, now you are good to go! Never stop making notes and take care of them.
Sources #
Some tools I mentioned:
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
Render markdown on the CLI, with pizzazz! 💅🏻