Does Joplin multiplatform support and encryption place it in the position of being able to serve as both a note management application and a password management application.
I'm thinking "YES".
Any thoughts?
Has this been discussed before?
NO, Joplin is not a password manager and there are completely different requirements for a password manager than for a note manager in terms of security and therefore Joplin is also designed/developed differently
The data data in Joplin is E2EE encrypted, but this does not mean that it is also encrypted on the end devices. It is only encrypted on the sync target and during transport.
3 Likes
Ok. To ensure I understand you correctly: you are saying notes are encrypted on the Joplin Server, during transport and may or may not be encrypted on the end device(s). Which raises the question, how do I know my data is encrypted on the end device?
Local data are not encrypted, they are stored in plain text in the database and in the resources folder on the clients!
Ok thanks.
NB: Seemed like a good idea at the time. 
It is a common misunderstanding. E2EE (i.e. end to end encryption) is separate from "at rest" encryption. Essentially E2EE is only whilst the data is in transit i.e. when you sync you first encrypt it then once it gets to the other side it is decrypted but nobody in the middle can read it.
You can see a previous discussion this topic here - Using Joplin as a password manager?
Joplin as a Password Manager is a very bad idea simply because Joplin is NOT a password manager .
The good news is that most password managers allow using tags/labels like Joplin does so you should be able to find something you like. Check out KeepassXC for instance.
1 Like
This topic was automatically closed 360 days after the last reply. New replies are no longer allowed.