Encrypted Pages

[changchichung]

For Feature Requests

Desired Feature: encrypt page

is that possible to add a encrypt page in bookstack ? open page needs enter password or just encrypt the content ?

[Shackelford-Arden]

Out of curiosity, what is the use case you have in mind? what is the intent of encrypting in this way as opposed to simply using the built in permissions to properly hide/secure the page?

[mendiromania]

displaying it to the guests that you would give the password to I guess

[lithium-ap]

I have also been thinking how to pose this question or address feasibility. For my use I've been using this to document environments that occasionally have sensitive information. At the moment I do not store sensitive data.

I dont think encrypting the entire page is something i'm interested in, but more of specific content. Maybe this could be done with a special control or text box that allows the data to be obfuscated and stored in hashed in the DB

Not too sure how far outside of scope this would be either- I've considered contracting to implement and then offer for merge.

[Shackelford-Arden]

Would it not be sufficient to simply is the built in permissions to simply hide the pages from those who don't need them?

[lithium-ap]

No, not if you desire some of the data to be obfuscated; also the aspect of storing hashed in the database.

[ssddanbrown]

This is an interesting feature. Obviously the content would not be searchable, And you'd need to provide the password to edit the content.

[aljawaid]

Would be nice for admins to be able to hide/show/restrict content base don the user's account password.

For business case, this means that the manager can create a single document but password-protect certain pics/paragraphs to senior staff only so the juniors can't see.

Restricting by user name or all would be good options. Then globally set a password per book/page/chapter for 'anyone' to view the content.

[KyferEz]

This is a VERY important feature for HIPPA and GDPR considerations.

It would also enable the possibility of storing passwords in the system which would make it a FAR more useful system for system administrators wanting to maintain documentation for their clients.

[tmikaeld]

Which is exactly what I use it for, sysadmin docs. (With no sensitive information yet though)

I'm thinking, maybe use the same encryption as is used in Lastpass and Bitwarden (Open source)? This would certainly be secure, considering the implications of their encryption not being good enough.

[nullquery]

Running into this as well. Lack of encrypted pages makes it difficult to comply with ISO certifications. Currently, they would end up plaintext in a MySQL data file. Not ideal.

[guenth]

I would like to be able to encrypt at least "fields" in a page. That way the page could be searchable, but say the specific contents in a command would not. I still probably wouldn't put actual passwords in there, but sometimes it is desirable to obscure things like db structure or even user name lists.

[ghost]

This would be easily implemented with OpenPGP (or similar) client-side encryption using user account-linked public keys and a symmetric key per page or book. You can then rely on Subresource Integrity (SRI) and potentially user-side attestation of the libraries (or rely on standardized browser crypto) to deter server-side malicious tampering with the crypto.

[kaspwip]

BookStack is publicly hosted and it would be great, if necessary, to be able to encrypt and decrypt at the browser level (JavaScript)

[fklappan]

Did you already schedule this feature request? I would love to see the feature come to life!

Maybe some additional background: I use BookStack only for myself. So I would use the feature for some kind of "journal" or "private notes".

[wxrl]

Would love to have this feature to encrypt pages! Independent password required every time visiting the protected pages even for the owner as well as for those who can view.

[the-infrequency]

+1 Using this as an internal wiki, but have some information that we (temporarily) store that would be best to encrypt.

[FeIix]

The "Security and Encryption" extension for confluence has a nice way to do this, you can hide any content behind a button and give access permission to specific users or groups. It's integrated in the toolbar, like spoilers or code blocks. Really useful to store / share passwords, especially the Copy button

[DrMxrcy]

+1 For this. Would be great for Internal Wikis

[SonGokussj4]

Wow, this would be so cool. (and have the password categorized like in settings - "IT Admins" - set password, "Department X" - set password and so on.

[MepLab]

+1 - Would be very usefull for me :)

[42bios]

+1 this would be a great feature!

[larissa-pereira]

+1 necessary for GDPR

[mieszkou]

+1

[Szwendacz99]

Would be great, and make you feel safer when hosting instance that is open to world, and you would like to store there a bit of sensitive information too. Currently for such usecase (very sensitive notes) I rather use separate tool. I am not sure, but basic server-side encryption with password should be relatively easy to do?

[xKugeki]

+1 this feature would be awesome :)

[Mindpsy]

+1 this would be a great feature! Please to release it!

[JesusRedGar]

yes, this would be very desirable to have

[otherjoel]

My $0.02: Sensitive information and credentials should be stored, shared and protected using tools designed for that purpose, not in a documentation tool.

In particular, if you believe your envisioned use of Bookstack without this feature would put you afoul of HIPAA or ISO considerations, you either don’t understand those frameworks or you have bigger problems.

[Szwendacz99]

My $0.02: Sensitive information and credentials should be stored, shared and protected using tools designed for that purpose, not in a documentation tool.

In particular, if you believe your envisioned use of Bookstack without this feature would put you afoul of HIPAA or ISO considerations, you either don’t understand those frameworks or you have bigger problems.

You start talking about your case and somehow end up summarising my use of Bookstack.

Also, If something is worth hiding behind a password, I think it is worth encrypting, if that is not a trouble.

[FeIix]

In some case yes, in others no. I think the users should be able to decide if it's too sentitive or dangerous, or more practical for their project to have everything in the same tool.

[exnerit]

i am thinking about inserting access data as a link to e.g. 1password or keeper datasets. it might be an approach? yes you have to go back into another system. But i think that sensitive data is better stored in something like 1password or keeper. Maybe you can develop a functionality that recognizes such links and inserts them nicely formatted into the document?

[Mindpsy]

I think this is quite a demanded and appropriate function for such a project. For example, Evernote provides such a feature to its users. Because any information can be sensitive. And encrypting the contents of a specific page or certain sections of the page using a password, which is a fully justified way to additionally protect data. Even if the main tasks of the system are different.

[jacrook]

Hello, I'm wondering if this is still on the roadmap. I'm enjoying transferring my documentation, and this feature would enable full adoption.

Thank you

[ssddanbrown]

@jacrook This was never on the roadmap to be honest. Not that I'd never consider this, but I don't plan a roadmap that far out. From my view, this would introduce trade-offs & complexities, while encouraging a use we're not targeting nor suited for (passwords, secrets etc...).

For one-off/within-page encryption, it might be possible to hack something in on an instance via custom JavaScript (since it can all be client side).

For general instance wide encryption at rest, it might be possible to enable this at the database level but I have little experience in this personally and it's not something I've tested with BookStack.