New feature : request password at startup

Features
18

Okay I was able to solve this pretty easily on Windows by using BitLocker and a bit of cmd/ps magic and it's completely seamless.
You run it, it asks for a password to unlock, then re-locks once you close the app.

Here's how I did it.

  • Make a folder somewhere that will hold the encrypted Joplin data and launch scripts, let's call it JoplinPrivate

  • Go to Windows disk management, right side panel - more actions and create a new virtual drive of say 128GB. Make it VHDX with dynamic size expansion. And let's call it JoplinPrivate\JoplinEncrypted.vhdx

  • Initialize the virtual drive to GPT and format to NTFS.

  • Don't assign any letter but assign a NTFS path to an empty folder JoplinPrivate\JoplinDecrypted

  • Go to BitLocker tool, find the drive and encrypt it with a password or pin of your choice. You have to save the recovery keys and then can dispose of them.

  • Add a new bat file JoplinPrivate\JoplinPrivate.bat that looks like this

@echo off
SET batchdir=%~dp0
"%batchdir%JoplinEncrypted.vhdx" && (TIMEOUT 5)
cls
manage-bde -unlock "%batchdir%JoplinDecrypted" -password
powershell -ExecutionPolicy Bypass -window hidden -command "%batchdir%JoplinPrivateLaunch.bat"

This file tries to mount the vhdx if not yet mounted (this may show an error the first time after reboot but it's fine). Then asks you for a password (this window must be visible) and then launches second invisible part with app and relock.

  • Add a second bat file JoplinPrivate\JoplinPrivateLaunch.bat that looks like this
@echo off
SET batchdir=%~dp0
"C:\Program Files\Joplin\Joplin.exe"  --profile %batchdir%JoplinDecrypted\data
manage-bde -lock "%batchdir%JoplinDecrypted" -forcedismount

This file starts in a hidden console and launches your installed Joplin but directs it to an alternative data storage. This way you can use Joplin as usual for non-sensitive notes but have a second instance that is fully encrypted and private. Once Joplin stops it will auto-lock the encrypted drive.

  • Now make a shortcut to JoplinPrivate\JoplinPrivate.bat and place it anywhere.

  • Edit its properties, use the second button at the bottom to set the icon to Joplin.exe and the third button will make it always run as administrator (that is required to unlock/lock a drive).

  • Run it and disable minimize to tray in Joplin settings so that it can auto-lock properly once closed.

  • Done

Of course you can make multiple instances like this in extra folders. Be aware that browser plugin will need to re-authorize every time you switch from one Joplin instance to another.

3 Likes