Using veracrypt with joplin

Features
1

Hello,

I am sorry if this is opening in the wrong section it is my first time using the forum.

I have been using Joplin for some time know and I want to express my appreciation for the effort because it has proved to be a very useful tool for personal and work notes.

I am using Joplin on Linux (snap store) and on ios devices for some time now and it works flawlessly…it updates, it syncs my data with E2EE and I am very happy with it.

I want to go further and encrypt joplin installation file on my Linux device using veracrypt. I have made an encrypted container with veracrypt and put the whole “joplin-desktop” folder it it..then delete the folder from the snap directory. If worked and when I tried to copy/paste the joplin folder again it was able to run with my notes (not as a fresh installation).

Also (and that is for everyone had the same problem) when I was trying to copy/paste the “joplin-desktop” folder on the container I had errors…the solution was to format the container with ext4 and not FAT file system. So if anyone wants to try this solution keep that in mind.

All this happened as a trial in a separate Joplin installation not the one that syncs my notes on the cloud.

My question is…is this the correct way to do with my main installation that its syncing notes too? or I will nuke the ship and I wont be able to sync my notes in the cloud or worse loose them? Is there another (more proper) way to encrypt the Joplin folder so it is not accessible while I am not using the application?

Sorry for the long post and thanks in advance for any input.

2

For your information:

I use Joplin with Veracypt on Windows pc from, it works well. I use portable Joplin

3

I use Linux on desktop and I don’t think there is a portable version of Joplin on Linux.

I want to try and use it the way I described…I guess if I create a backup and sync my notes on the cloud even if I mess up with the snap app I can always sync again.

I just needed a confirmation so I will do it with peace of mind.

4

As the snap author, I’d be partially concerned but I think it sounds like the risk is managable.

Each update, $HOME/snap/joplin-desktop/$rev will be copied into a new folder for the newly downloaded revision, and the $HOME/SNAP/joplin-desktop/current symlink points to the new one of the two, which basically gives the ability for snap revert to rollback the database as well as the application version.

For the most part snap will attempt to avoid updating Joplin whilst the process is open (something Cgroups related for the experts), but I’d be left wondering how snapd itself might react should say it attempt to update Joplin and find an encrypted, or potentially non-existant folder.

Naively, I’m tempted to say, it’s just going to copy the folder encrypted in full, because snapd isn’t checking what’s actually in it, just doing routine maintenance.

Where I’m concerned is I don’t know Veracrypt enough to e.g., understand whether it’s using bind mounts or etc and whether there’s some sneaky gotchya if e.g., snapd looks for that folder and might for a few seconds not even find one, or similarly looks and gets unlucky where Veracrypt has encrypted 50% of the application at that specific point in time but not the other 50%, whilst the application is unloaded and therefore eligible for updates.

That risk would be specific to the application data, so for the most part, if you were to zip up the latest revision whilst the app isn’t running, you’d be able to put it back in place and rely on it being consistent, I’d recommend backups, and any release that’s been published remains accessible forever, so e.g., you could sudo snap install joplin-desktop –-revision=123to match the folders revision.

(Snap actually has built in support for making backups and even using them on other systems, though right clicking and zipping is probably fine, still: Snapshots | Snapcraft documentation)

As long as you’re comfortable backing it up, I wouldn’t expect e.g., the system to break, it might be worth running sudo snap refresh –hold=forever joplin-desktop to disable automatic updates entirely, and only refresh with an explicit sudo snap refresh joplin-desktop, at least until you’re more comfortable.