Secure Notes is a Joplin plugin that lets you password-protect and encrypt your notes locally. It ensures your sensitive information stays private — only you can unlock and read your data.
Features
Password-Protected Notes - Encrypt sensitive notes with a password of your choice
Read-Only View - Preview encrypted notes without decrypting them permanently
Local Storage - Encrypted notes are stored locally in Joplin's database
Multiple Modes - Supports AES-CBC, AES-CTR, and AES-GCM modes with 128-bit or 256-bit key sizes.
Disclaimer
NO RECOVERY - If you forget your password, your encrypted notes are permanently lost. There is no recovery method, no reset option. It is recomended to maintain backups of important data.
NO WARRANTIES - This plugin is provided "as is" without any guarantees. While it uses industry-standard AES encryption, no system is 100% secure. The author is not liable for data loss or security issues.
Use at your own risk. By using this plugin, you accept these terms.
Installation
This plugin is still quite new, and I’d love for you all to try it out before it’s officially released on the marketplace.
Please give it a try and share your feedback here — it’ll really help improve the final release!
FAQ
Q: Can I encrypt all my notes or notebook at once?
A: Currently, the plugin encrypts notes individually. Batch encryption may be added in future versions.
Q: Are encrypted notes searchable?
A: No, encrypted content cannot be searched until the note is decrypted.
Q: What happens if I uninstall the plugin?
A: Encrypted notes will remain encrypted. Reinstall the plugin to decrypt them.
Thanks a ton for implementing and sharing this great feature
A few questions if you don't mind:
Are images and other resources in the note encrypted as well?
As of now the plugin cannot be found on my Joplin MacOS Desktop 3.4.12, is this expected? I will retry in a few hours.
Do you plan to add the ability to edit an encrypted note on the fly, without having to ever decrypt it first? If I have to decrypt the note everytime I want to edit it, the unencrypted version might leak at some point in the note versions, the daily builtin backup, my (Time Machine) continous external backup, etc, not very safe.
@cipherswami I see this is hot off the press and not actually published in the plugin store yet. There isn’t any jpl linked on the GitHub repo and I’m not sure how to build it. Any change you could make a release on github / share the jpl?
While this is not a feature I would use myself, I guess a lot of users would be pleased about this plugin, particulary because it supports mobile. So thank you for working on this.
As I can’t yet test this, I can only assume the way the encryption works. Would I be right in thinking that when you encrypt a note, it replaces the full note contents with an encrypted string, and then hides / formats this in some way in the ui? If this is the case, I forsee one major caveat:
The encryption is basically redundant unless either the user completely turns off note history, or they delete all note history for a note after every time they encrypt a note. A restart of the Joplin app (to ensure revision collection has executed) may also be required before deleting the note history for a note, to ensure the old contents are not created in a new revision after deleting the note history. This would not be very practical from a user perspective, unless they rarely updated encrypted notes, and made use of the ‘readonly’ decryption feature, assuming that does not update the note contents with the decrypted text.
EDIT: It looks like the Joplin data api does offer the ability to retrieve and delete revisions, so you could programatically deal with this if you have not already. As a minimum you could delete all existing revisions upon encrypting a note (with some kind of disclaimer), but there is still risk of some revisions getting created at the later time with unencrypted content
I haven't tested this yet but just wanted to make sure some background to this is understood before it receives feedback of “not really providing protection” (which maybe it does, maybe it doesn't). The three forum threads linked above describe very specifically what a few members of the community have been asking for - we were not asking for protection against a competent, malicious hacker but rather protection against over-the-shoulder accidental reading by colleagues. Very pleased to have a new toy to play with, thanks cipherswami!
That could be used to create a basic, custom editor that bypass the revision system and only save the note in encrypted form.
If the goal is only to hide the content from over-the-shoulder reading, that editor could also be used to display a empty frame over the editor by default, and you'd have to click a button for example to reveal the content.
Let me tell you how this works, any resources in .md file is just a hyper link [resource](url). So technically no, unless some how you found a way to keep Image in raw text inside the .md file.
Oh my bad I forgot to publish, I was just running few tests. No worries, for now I'll keep a ".jpl" file in GitHub releases.
Yeah, I’ve looked into it myself. I ran into issues where the UI was corrupting the payload format, which could potentially lead to permanent note loss. I can’t promise this feature anytime soon, but I’ll add it to my list. As for backups and syncs, doesn’t the built-in E2EE already cover such scenarios?
I recently switched from Obsidian after it started getting resource-heavy and a bit laggy.
All I really needed was a simple way to protect a few sensitive items — like my 2FA recovery codes and credentials — that I didn’t want to store in Bitwarden. Joplin turned out to be perfect for my needs: it’s FOSS, cross-platform, and supports Markdown notes.
The only features I found missing were:
Secure Notes (which I’ve now implemented for convenience)
Wiki Links (I’m planning to work on quick-links plugin to achieve this)
I’m currently using the editor API to render a read-only view of encrypted notes. I tried using content scripts but ran into a few issues — for now, I just want a stable, working model that I can refine later.
For testing purposes, I’ve also created another plugin — Quick Note — which I published a while ago. However, it still doesn’t appear in the plugin marketplace.
I followed all the instructions and ran npm publish, ensuring all the requirements were met. Could you please check and let me know if I might be missing something?
Thanks to Laurent’s reply, my recommendation to handle the issue would be to do 2 things to deal with the issue of revisions:
Instead of a read-only mode, make an edit encrypted note mode which utilises the editor api, so that both viewing and editing the decrypted content will bypass the revision system. It would just need a save button to re-encrypt the contents and save it to the note
The revisions data API is not good, because you cannot get all revisions for a single note directly. You can only get all revisions for every note and then filter it, which would be sub-optimal. If you implement point 1, then it means that deleting existing note history is only required on the initial conversion to an encrypted note. So my recommendation would be to show a popup upon encrypting a note, which instructs the user to delete all history for the note, in order to avoid retaining the unencrypted content. Both Joplin desktop and mobile have the built in feature to delete all history for a note in Joplin 3.4
With the current state of Joplin, I don’t think it’s possible for the unencrypted note contents to get created in a revision after deleting all the revisions for a note (except when the decrypted contents are saved to the note again). I do have a PR currently in review which fixes an issue with the revision mechanism https://github.com/laurent22/joplin/pull/12674 , which would have enabled such revisions to get created after deleting them. But after analysing this issue I have updated my PR to ensure that this won’t happen
@cipherswami I gave your plugin a quick test on desktop. The usage was pretty self explanatory and the UI to switch between modes feels decent. With regards to the read-only mode, the formatting is quite different to the normal markdown editor which I guess is ok, but images within the content are not rendered at all.
If that is a limitation or is deliberate (to avoid users thinking attachments will be encrypted) it might be worth mentioning something about this in the README.
I can understand the challenges that using the editor api can present and that it would be easier to use the built in editor (which would also provide a full editing experience without limitations). Ideally flushing out the note history after every encryption programmatically would work best, but my concern is heavy users with long history could have hundreds of thousands of revisions which you would need to filter through every time you want to perform a deletion.
Assuming the get revisions api allows pagination and sorting by created_time descending, one potential solution to avoid reading the entire note history metadata into memory and poor performance, would be to make some sort of cache / registry of the entire note history locally (possibly in the sqlite db?). Then whenever you want to delete note history, when retrieving the note history you can add the items to the registry, and on subsequent retrievals you can stop processing further pages once you get to an item which is already in the registry. Then you can scan your registry for the items matching the note id, and delete those entries.
I’m still unsure how well that would perform though. The ideal would be to submit a Joplin pull request to expose an api to retrieve all revisions for a given note id
Yeah, I know — I fell asleep after creating this page yesterday. Earlier, I was exploring the markdown renderer issue. And there are few other issues as well, which I have created in GitHub, will be working on them real soon in my free time.
I haven’t gone through the full documentation yet, but these revisions could pose a major issue for the plugin. If the API to fetch and delete a note’s revisions using its noteId isn’t currently exposed, could you please make it available?
I did some testing with the plugin on mobile as well now. The UI seems just as good as on desktop, but there are bugs. I’ve raised 4 issues on your repo
Password-Protected Notes - Encrypt sensitive notes with a password of your choice
Read-Only View - Preview encrypted notes without decrypting them permanently
Local Storage - Encrypted notes are stored locally in Joplin's database
Strong Encryption - Uses industrial level AES encryption with Webcrypto API.
Multiple Modes - Supports AES-CBC, AES-CTR, and AES-GCM modes with 128-bit or 256-bit key sizes.
Disclaimer
