Attachment locally unencrypted

I sync notes encrypted and can see that both notes and attachments are saved encrypted in my remote webdav folder.

I also noticed that (in the local config directory) the notes are still encrypted but the attachments are not. So all data is encrypted in transit, at remote rest, but not locally at rest. I guess this is by design, but are there any plans to also locally store everything encrypted?

(Using Mac, latest desktop)

There’s a GitHub issue about this. Personally on macOS and Windows I simply use an encrypted drive so I never have to wonder whether an app saves its data encrypted or decrypted.

In that case. what I don’t understand is, why notes are locally stored encrypted. I would assume an all or nothing design.

They are initially downloaded encrypted, but eventually they get decrypted locally.

I am with metbril on this. Once encryption is enabled, everything should be encrypted, all the time. I adopted laurent’s work around. My system drive is not encrypted, but I do have a VeraCrypt volume. I moved the profile (database and resources) to the encrypted volume and added --profile /path/to_new_volume to the joplin.desktop launcher on my desktop. It’s a little messy, but it works. I also added 2FA to my Dropbox, use Authy for that, and of course a very strong passphrase. I have other programs that ONLY sync with Dropbox. I pay for it, and have 2TB storage. I may as well use it.