The Local encryption

Is it possible to add encryption when working in the app?

Why: It is too dangerous to use Joplin on PC because all notes are not encrypted locally. They are only encrypted when transferred to cloud storage.

I tried to do a VeraCrypt+Joplin-Portable bundle, but it's an uncomfortable user experience. You have to manually mount and unmount encrypted containers all the time.

  1. Is it possible to realize encryption locally from Joplin itself?
  2. Is it possible to create support with 'VeraCrypt' or other programs? Set a master password for encryption and require it every time Joplin is started, and have it automatically encrypt back after closing the app?

What I mean here is isolated real-time or use-time encryption. Full disk encryption with 'VeraCrypt' and 'BitLocker' decrypts files while the system is running. A virus or physical access to the disk will not allow anyone to get the data while the system is active and decrypted? 'Standard Notes' has a similar feature.

What you are referring to I think is called encryption at rest. There was a PR created earlier this year to add support for encryption of the SQLite db - which I believe would be to allow encryption at rest (excluding attachments).

However this was closed for now as it was noted that compiling to all platforms was going to be a huge challenge. But maybe at some point this will be implemented.

In the meantime you'll either need to encrypt your whole hard drive, or use BitLocker / VeraCrypt. On mobile though, if you use Android, the private space feature introduced in Android 15 or the secure folder feature on some Samsung phones would be a roughly equivalent solution to VeraCrypt for mobile, except you don't have to manually unmount the secure area when you are finished with it. However the whole phone is already encrypted by default these days.

Secure folder works well for me as a means to put a pin lock on the Joplin app. I only use plain text in notes, but bear in mind if you use attachments then you will need to transfer those files in and out of the secure area for them to be accessible between the secure area and the rest of your phone. That works the same with private space. With both solutions, you can enable clipboard sharing so you can access the same clipboard in and out of the secure area.

Please note with private space, you cannot create a homescreen shortcut to access the private space version of your app directly, however I read that you can create a direct shortcut if you put it into a folder on your home screen.

2 Likes

In response to point 2 of your message, I think you might be able to write a script to do what you require, at the very least to unmount when you close Joplin. VeraCrypt has a command line interface, so you could write a batch (Windows) or bash script which runs a command to open Joplin, and when the process ends (when you exit Joplin) it could run another command to unmount VeraCrypt. Use that script to launch Joplin.

You may be able to add a command which precedes opening Joplin to mount VeraCrypt, but that depends on whether it's possible to open a GUI or interactive CLI process to enter your password, which will end when you have entered your password.

Alternatively if you use BitLocker, I think there are settings you can set to automatically unlock when you start your PC, and lock when you shut down.

1 Like

I have attempted my suggestion of writing a script to mount and unmount VeraCrypt before and after launching Joplin and I have got this to work on Windows.

In my case I am using installed Joplin rather than the portable version. In your case, you could put the portable Joplin installation into the container and run it from that path within the script.

I first made a VeraCrypt container and created a joplin-dev dir in it. Then I created a soft symbolic link to this directory like so:
mklink /d "C:/Users/User/.config/joplin-desktop" "Z:/joplin-desktop"

I then put this into a script called joplin-start.bat (in your case, replace the paths as appropriate, and use a different drive letter to Z if you wish - but it does need to be fixed, and the path for the /v arg must use backslash rather than forward slash):
start /w "" "C:/Program Files/VeraCrypt/VeraCrypt.exe" /l Z /q /v "C:\Data\Profile\test.hc"
start /w "" "C:/Users/User/AppData/Local/Programs/Joplin/Joplin.exe"
"C:/Program Files/VeraCrypt/VeraCrypt.exe" /q /u Z
exit

You could use that script directly to launch Joplin, but if you want to get rid of the ugly command prompt window when running the script, you can create a script to launch that script, which will start the command prompt minimised:
cmd.exe /c start /min joplin-start.bat ^& exit

You can then create a shortcut to that script, and change the icon to match the Joplin application icon.

1 Like
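An added example, not part of the posts above: a PowerShell variant of the joplin-start.bat launcher that refuses to start Joplin if the container did not actually mount, and dismounts even if Joplin exits abnormally. It reuses the paths, drive letter and VeraCrypt switches from the post; the variable names and the mount check via `Test-Path` are assumptions of this example.

```powershell
# Added example (not the poster's script). Paths, drive letter and the
# /l /q /v /u switches are taken from the batch script in the thread.
$VeraCrypt  = 'C:\Program Files\VeraCrypt\VeraCrypt.exe'
$Container  = 'C:\Data\Profile\test.hc'
$Drive      = 'Z'
$Joplin     = 'C:\Users\User\AppData\Local\Programs\Joplin\Joplin.exe'
$ProfileDir = "${Drive}:\joplin-desktop"   # symlink target inside the container

# Mount: VeraCrypt shows its own password prompt and exits once done.
# The password is never passed on the command line or stored in this file.
$mountArgs = @('/l', $Drive, '/q', '/v', "`"$Container`"")
Start-Process -FilePath $VeraCrypt -ArgumentList $mountArgs -Wait

# If the prompt was cancelled or the password was wrong, the symlinked
# profile path has no target. Stop here instead of launching Joplin
# against a missing (or accidentally unencrypted) profile directory.
if (-not (Test-Path -LiteralPath $ProfileDir -PathType Container)) {
    Write-Error "Container not mounted at ${Drive}: - Joplin was not started."
    exit 1
}

try {
    # Blocks until Joplin has fully exited (not just minimised to tray).
    Start-Process -FilePath $Joplin -Wait
}
finally {
    # Runs on normal exit, on error, and when the script is interrupted.
    Start-Process -FilePath $VeraCrypt -ArgumentList @('/q', '/u', $Drive) -Wait

    # A dismount can fail if a file on the volume is still open; make
    # that visible rather than leaving the notes silently decrypted.
    if (Test-Path -LiteralPath "${Drive}:\") {
        Write-Warning "${Drive}: is still mounted. Close open files and dismount manually."
    }
}
```

While the volume is mounted, any process running as the same user can still read the notes; the script only narrows the window in which the profile is decrypted to the time Joplin is open.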