BookStack icon indicating copy to clipboard operation
BookStack copied to clipboard

Published 20 hours ago verified publisher icon BookStackApp

Encrypted Pages

Open changchichung opened this issue 6 years ago • 32 comments

For Feature Requests

Desired Feature: encrypt page

is that possible to add a encrypt page in bookstack ? open page needs enter password or just encrypt the content ?

changchichung avatar May 02 '18 10:05 changchichung

Out of curiosity, what is the use case you have in mind? what is the intent of encrypting in this way as opposed to simply using the built in permissions to properly hide/secure the page?

Shackelford-Arden avatar May 02 '18 17:05 Shackelford-Arden

displaying it to the guests that you would give the password to I guess

mendiromania avatar May 02 '18 20:05 mendiromania

I have also been thinking how to pose this question or address feasibility. For my use I've been using this to document environments that occasionally have sensitive information. At the moment I do not store sensitive data.

I dont think encrypting the entire page is something i'm interested in, but more of specific content. Maybe this could be done with a special control or text box that allows the data to be obfuscated and stored in hashed in the DB

Not too sure how far outside of scope this would be either- I've considered contracting to implement and then offer for merge.

lithium-ap avatar May 10 '18 17:05 lithium-ap

Would it not be sufficient to simply is the built in permissions to simply hide the pages from those who don't need them?

Shackelford-Arden avatar May 10 '18 17:05 Shackelford-Arden

No, not if you desire some of the data to be obfuscated; also the aspect of storing hashed in the database.

lithium-ap avatar May 10 '18 17:05 lithium-ap

This is an interesting feature. Obviously the content would not be searchable, And you'd need to provide the password to edit the content.

ssddanbrown avatar May 12 '18 10:05 ssddanbrown

Would be nice for admins to be able to hide/show/restrict content base don the user's account password.

For business case, this means that the manager can create a single document but password-protect certain pics/paragraphs to senior staff only so the juniors can't see.

Restricting by user name or all would be good options. Then globally set a password per book/page/chapter for 'anyone' to view the content.

aljawaid avatar May 13 '18 10:05 aljawaid

This is a VERY important feature for HIPPA and GDPR considerations.

It would also enable the possibility of storing passwords in the system which would make it a FAR more useful system for system administrators wanting to maintain documentation for their clients.

KyferEz avatar Jun 27 '18 20:06 KyferEz

Which is exactly what I use it for, sysadmin docs. (With no sensitive information yet though)

I'm thinking, maybe use the same encryption as is used in Lastpass and Bitwarden (Open source)? This would certainly be secure, considering the implications of their encryption not being good enough.

tmikaeld avatar Jul 04 '18 18:07 tmikaeld

Running into this as well. Lack of encrypted pages makes it difficult to comply with ISO certifications. Currently, they would end up plaintext in a MySQL data file. Not ideal.

nullquery avatar Jan 04 '19 14:01 nullquery

I would like to be able to encrypt at least "fields" in a page. That way the page could be searchable, but say the specific contents in a command would not. I still probably wouldn't put actual passwords in there, but sometimes it is desirable to obscure things like db structure or even user name lists.

guenth avatar Mar 01 '19 15:03 guenth

This would be easily implemented with OpenPGP (or similar) client-side encryption using user account-linked public keys and a symmetric key per page or book. You can then rely on Subresource Integrity (SRI) and potentially user-side attestation of the libraries (or rely on standardized browser crypto) to deter server-side malicious tampering with the crypto.

vogelfreiheit avatar Sep 29 '19 12:09 vogelfreiheit

BookStack is publicly hosted and it would be great, if necessary, to be able to encrypt and decrypt at the browser level (JavaScript)

kaspwip avatar May 31 '20 18:05 kaspwip

Did you already schedule this feature request? I would love to see the feature come to life!

Maybe some additional background: I use BookStack only for myself. So I would use the feature for some kind of "journal" or "private notes".

fklappan avatar Sep 07 '21 14:09 fklappan

Would love to have this feature to encrypt pages! Independent password required every time visiting the protected pages even for the owner as well as for those who can view.

wxrl avatar Oct 08 '21 03:10 wxrl

+1 Using this as an internal wiki, but have some information that we (temporarily) store that would be best to encrypt.

the-infrequency avatar Mar 11 '22 14:03 the-infrequency

The "Security and Encryption" extension for confluence has a nice way to do this, you can hide any content behind a button and give access permission to specific users or groups. It's integrated in the toolbar, like spoilers or code blocks. Really useful to store / share passwords, especially the Copy button

FeIix avatar Sep 12 '22 09:09 FeIix

+1 For this. Would be great for Internal Wikis

DrMxrcy avatar Oct 04 '22 20:10 DrMxrcy

Wow, this would be so cool. (and have the password categorized like in settings - "IT Admins" - set password, "Department X" - set password and so on.

SonGokussj4 avatar Oct 07 '22 10:10 SonGokussj4

+1 - Would be very usefull for me :)

MepLab avatar Nov 02 '22 14:11 MepLab