How do you secure your journal files?

Are they just sitting on your hard drive? After all, they may contain sensitive data. How about something like Cryptomator?

1 Like

Full disk encryption here, always powering down the machine when I am away from home/work.


I use full-disk encryption (FDE) like f-a. In my case, it’s through VeraCrypt. Most of my financial documents are in fact double-encrypted because they’re stored in a standalone VC container I created long before I started using FDE.

If I wanted per-file encryption instead, I’d probably use age, which I’ve been impressed by over the past few years:

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

1 Like

100% this. Luks on all my disks.

1 Like

I use Keybase git.

Using git keeps my workflow normalized. Using Keybase keeps it secure, end-to-end and zero knowledge. If I lose trust in Keybase, I could

  1. temporarily use git-remote-dropbox if I trust Dropbox[1]
  2. write the repo to a single file with git-bundle then encrypt it probably with age, then store it probably on Dropbox or GDrive
  3. set up a git server (Gitea, Forĝejo, Gitbucket, etc.; GitLab is too much really) inside my firewall, and set up encrypted backups to Dropbox or GDrive or S3 or Tarsnap or whatever

I try not to be too paranoid. Someone is more likely to socially engineer or subpoena my financial institutions than to compromise my workstations or servers, but that’s just my threat model.

Like cryptocurrency private keys, the safest financial data is that which is offline and never connected to a networked computer.

  1. Questions about Dropbox’s security and compliance enter my mind, but my threat model does not include entities that could not already get my financial data from the financial institutions I use. ↩︎