e2e encryption for secure storage at rest #168
Description
Use Case
Granular, client-side encryption for notes with:
- file-level encryption on save (pre-transit)
- per-note decryption, on-demand
- unique encryption key per note
- decryption triggered on
openevent
Purpose
Zero-trust protection against:
- repository/account compromise
- cloud provider (github) content access
- unauthorized local application access
- unintended data exposure
Proposed Change
- Implement note-level encryption:
- encrypt contents before save/commit
- unique encryption key per note
- seamless, on-demand decryption workflow
- user-controlled key management
Who Benefits From The Change?
- devs/users handling:
- sensitive personal/professional info
- trade-secrets
- confidential documents
- privacy-conscious developers
I'm unaware of the totality of work this would require, but it seems there are a few MIT libs (cryptography (Fernet)) that may be a suitable candidate for integration?
If I'm out of bounds here, lmk; I'm willing to learn & happy to adjust accordingly.