Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
if you're encrypting at rest you also have to consider where there encryption key is being stored.
if you're storing the encryption key plaintext on the same drive as the data, there's not much of a point in encrypting.
a TPM/HSM could solve the issue, depending on how far down the rabbit hole you need to go.
EDIT: You could also encrypt the disk of the VM/Server hosting the app. similar situation.
In my mind at least this would be solved by the "vault" needing to be decrypted with a password every time notes are accessed/saved with the password acting as the key? I'm not terribly well educated on encryption though.
The problem is how many random characters can you remember in your head?
A good encryption key would be around 32 characters to form a 256 bit encryption key.
You can do a fun game of encrypt the encryption key with a password but that's just another vulnerability in the chain.
I recommend getting a PGP key stored on a yubikey and then encrypt all your notes with it since it's all in markdown, I store my notes on Google drive and keep them decrypted in memory so that I can still use Obsidian.
Or just use a password manager like keepass where the problem of storing passwords has been solved already...
As long as you protect that password store with a sufficiently strong password that you store in a password manager that has a sufficiently strong password :P
I joke but yes some sort of password store is what you would use but make sure that password store needs something like a yubikey with a strong private key on it ^_^