This plugin allows to encrypt individual text blocks, instead of having to turn the whole note into a vault note.

This can be used to store credentials, for example. You may have a note about some project and want to include the credentials for a service that project uses. This allows you to have your general project information easily accessible while still having the credentials protected with a password and displayed only on demand.

open_in_new


Encrypted blocks show up 🔒 like this. (This particular block was encrypted using password hello.)

To create a new encrypted block (without ever entering the secret data into the note itself), type {Encrypted Blocks: New}.

To encrypt an existing block of text, select it and choose "Encrypted Blocks: Encrypt" from the plugin action menu.

Note: On mobile, currently this menu doesn't exist, but you can also cut the text to clipboard and then insert it into a new block instead.

Note: Formatting cannot be preserved.

Be aware that your original text may still exist in the note's version history depending on when the last version snapshot was saved! It's usually better to create a new encrypted block using the first method and entering the secret data there so it never exists in the note in an unencrypted state.

To view or edit an encrypted block, click the "Encrypted Blocks: Open" button within its rich footnote.

The plugin allows you to remember the last password for 24 hours. Closing/reloading the page will also clear the remembered password. When you use this option, a hash of the password is stored only in memory and not saved in settings.

The plugin by default warns you about accidentally using a password that is different from the one you normally use. This behavior can be disabled in settings. The "usual" password is securely salted and hashed before it is stored in a hidden setting.

About the security of this plugin:

To encrypt your data, a secure key is derived from your password using PBKDF2 which is then used for encryption with AES-GCM. The password is not stored anywhere in clear text, and none of the things you enter are ever sent to any server (except in their encrypted form to Amplenote's servers as part of the note, of course).

The encrypted data is stored in form of a link which is written into a rich footnote's description. The link goes to a decryption page which can be used as a fallback decryption method in case decryption through the plugin is not possible. This also allows sharing a note with encrypted blocks - as long as the recipient knows the password, they can access the encrypted contents without the plugin as well, by clicking the "(encrypted contents)" link within the rich footnote and entering the password on the page that opens. Note that the actual encrypted data is appended as a hash and not as query string which means that it is never sent to my server. Decryption also happens entirely within the browser when this method is used. To make sure you will never lose access to your encrypted information, go to the decryption page now and save it to your harddisk using Ctrl+S. This way, even if one day both Amplenote and my server are down, as long as you have a Markdown backup of your note, you can still extract the encrypted URL from there and copy it into your local copy of the decryption page.

☕ If you like my work, you can buy me a coffee!