I completely agree with the threat model of "an attacker on your machine can get to the keys" but I'd like to add two security use cases that make encrypting indexes valuable:
1. Off-the-shelf malware exfiltrates data, as seen in ransom attacks. I'd feel better if the index was encrypted. It's unlikely an attacker would manually spend time trying to find the keys in RAM unless your app became very famous :)
2. Syncing files on a work laptop where IT might snoop.
Obsidian does not encrypt files at all locally, and for that reason I would feel quite self-conscious about loading a vault with potentially private notes.
Ironically, Obsidian is much better if you only have ONE big vault, but because of this, I have to live with 3 vaults (different threat models for each).
I'm not the dev, but what you're wanting is completely unreasonable. No note application does this, and this would slow down the application without having any additional benefits.
Yes, the app Turtl (https://turtlapp.com) does do this and it's not slow at all really. It only decrypts data upon viewing, and immediately re-encrypts when saving data. So this is actually entirely reasonable and entirely doable. The benefits are that malicious applications can't read data just sitting on the hard drive, which removes an entire class of attacks. An encrypted hd doesn't help you when it's unlocked.
One simple way to get around this is to use some sort of labelling system for your notes.
Then you can hash the labels and keep an index of the hash. You can also symmetrically encrypt the hash, or slugify it first. The index can be a file, or many, that you load in memory and keep updated / synced on changes.
You can then do label-based searches on your notes by first hashing the input string and searching for an exact match in the index.
For something like full text search on encrypted data, I guess you'd need to use a database that already does that.
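The hashed-label index described in the comment above, as an added example that is not part of the original thread. It swaps the bare hash for a keyed hash (HMAC-SHA256), because labels are short and a plain hash of them can be matched against a word list by anyone who reads the index file. The function and class names, the note ids and the all-zero demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import unicodedata


def slugify(label: str) -> str:
    """Normalise a label so 'Tax Returns' and ' tax-returns ' index identically."""
    text = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")


def label_token(key: bytes, label: str) -> str:
    """Keyed hash of the slug; without the key, tokens cannot be dictionary-guessed."""
    return hmac.new(key, slugify(label).encode(), hashlib.sha256).hexdigest()


class LabelIndex:
    """In-memory map of label token -> set of note ids (hypothetical structure)."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries: dict[str, set[str]] = {}

    def add(self, note_id: str, labels: list[str]) -> None:
        for label in labels:
            self.entries.setdefault(label_token(self._key, label), set()).add(note_id)

    def remove(self, note_id: str) -> None:
        # Drop the note from every token and prune tokens left empty.
        for token in list(self.entries):
            self.entries[token].discard(note_id)
            if not self.entries[token]:
                del self.entries[token]

    def search(self, label: str) -> set[str]:
        # Exact match only: hash the query the same way and look the token up.
        return set(self.entries.get(label_token(self._key, label), set()))


def build_demo_index() -> LabelIndex:
    # Constructed sample data; a real key would be derived from the vault passphrase.
    index = LabelIndex(key=bytes.fromhex("00" * 32))
    index.add("note-1", ["Tax Returns", "2023"])
    index.add("note-2", ["tax-returns", "Medical"])
    return index
```

The index still reveals how many notes share a label and which opaque note ids they are, so it hides label text, not label frequency.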
Is it possible you create a vector index on the open documents and that index basically has searchable value but doesn't leak anything vital? If it were just English you were searching for, then it wouldn't need encryption.
Are your notes really that interesting? I’ve written software that does this sort of thing commercially; if your materials are that sensitive, you’d be using one of those packages.
I suspect this is just a dev with a fetish for obsessing over security. Like putting an expensive lock on a cheap bike!