Vault Notes are notes that are end-to-end encrypted, with their encryption password never sent to our servers. In practical terms, this means that even if a malicious employee or state/government actor somehow obtained access to the Amplenote database, a long Vault Password would render them unable to decrypt the content of your Vault Notes within a human lifetime, even if they possessed access to the most advanced computing resources known to be available as of 2020. The technical aspects of how Vault Notes achieve this level of security are described below.
A "Vault Note" is a note that gets stored using the Vault Encryption Key, which is never sent to or available to the Amplenote database server.
As described in depth in our technical security documentation, the Vault Encryption Key has the following properties:
A random 256-bit Vault Key Salt value is generated and stored in the database encrypted with AES-256-GCM, using a randomly generated Initialization Vector and an encryption key that is not available to the database server
The Vault Password entered by the user and the Vault Key Salt are used with PBKDF2-HMAC-SHA256 to produce the 256-bit Vault Key
PBKDF2-HMAC-SHA256 is configured to use 100,000 rounds
A Vault Key Verifier is stored on the server, allowing for a zero-knowledge proof to ensure that the same Vault Password is used for all Vault Notes
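The key derivation and verifier steps above, as an added illustration that is not Amplenote's own code: it derives the 256-bit Vault Key from the Vault Password and a 256-bit Vault Key Salt with PBKDF2-HMAC-SHA256 at 100,000 rounds, and checks a stored verifier without ever handling the password server-side. The page does not say how the Vault Key Verifier is constructed, so the HMAC-over-a-fixed-label construction and its label are assumptions, and the AES-256-GCM encryption of the salt and of note content is omitted.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000   # rounds stated on the page
SALT_BYTES = 32           # 256-bit Vault Key Salt
KEY_BYTES = 32            # 256-bit Vault Key
# Assumed label for the verifier; the page does not specify the construction.
VERIFIER_LABEL = b"vault-key-verifier"


def generate_salt() -> bytes:
    """Random 256-bit Vault Key Salt (the page stores this AES-256-GCM encrypted)."""
    return os.urandom(SALT_BYTES)


def derive_vault_key(vault_password: str, salt: bytes, rounds: int = PBKDF2_ROUNDS) -> bytes:
    """PBKDF2-HMAC-SHA256(password, salt, rounds) -> 256-bit Vault Key.

    Runs client-side only; the server never sees vault_password.
    """
    if len(salt) != SALT_BYTES:
        raise ValueError("Vault Key Salt must be 256 bits")
    return hashlib.pbkdf2_hmac(
        "sha256", vault_password.encode("utf-8"), salt, rounds, dklen=KEY_BYTES
    )


def make_verifier(vault_key: bytes) -> bytes:
    """Verifier stored on the server: an HMAC under the Vault Key over a fixed label.

    It lets a client prove it derived the same key without revealing the key itself
    (assumed construction, see lead-in).
    """
    return hmac.new(vault_key, VERIFIER_LABEL, hashlib.sha256).digest()


def password_matches(vault_password: str, salt: bytes, stored_verifier: bytes) -> bool:
    """Re-derive the key from a candidate password and compare verifiers in constant time."""
    candidate = make_verifier(derive_vault_key(vault_password, salt))
    return hmac.compare_digest(candidate, stored_verifier)


if __name__ == "__main__":
    salt = generate_salt()                      # constructed sample salt
    key = derive_vault_key("correct horse battery staple", salt)
    verifier = make_verifier(key)
    print(password_matches("correct horse battery staple", salt, verifier))  # True
    print(password_matches("wrong password", salt, verifier))                # False
```

Anyone holding both the salt and the verifier can test password guesses offline at the cost of 100,000 PBKDF2 rounds per guess, which is why the page stresses a long Vault Password and keeps the salt encrypted under a key the database server does not hold.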
Beyond Amplenote servers never getting the password to decrypt the note's content, there are a few other differences in how Vault Notes are designated and treated in Amplenote.
When you start a new Amplenote session, we do not have access to your Vault Notes. Thus, they will have an icon to indicate they're pending download/indexing in the notes list:
In a session where the Vault Password has not yet been entered, all Vault Notes show the blue icon to indicate they are pending download/indexing
To open the note, click on it and enter your Vault Password in the ensuing popup. Then you can see the note's contents:
Differences between a Vault Note and a standard note: no preview is shown for Vault Notes, and the Vault Note icon appears once the note is opened
Even after decrypting the note, its contents will never be shown in the note preview. Some other differences between Vault Notes and normal notes as of September 2020:
Cannot be shared with other users
Cannot be made public
Will not display preview content in your notes list
Are not included in notebook export (probably destined to change, assuming users vote for it)
Vault Notes are not included in search. If you keep a lot of Vault Notes, your best bet is to tag them and navigate via hierarchy. We're open to updating Vault Notes to be included in search, but for the initial implementation we prefer keeping them obscure.
To make a note into a Vault Note, click the note settings icon on the right-hand side of the note header, then select "Apply Vault encryption" from the menu:
The link to "Apply Vault Encryption"
Review the details regarding secure notes, then enter your password. The content of this note cannot be recovered if you forget your secure password. You must check the box indicating that you understand the note cannot be restored in the event you forget the password, then click the "Secure note" button to secure the note.
Dialog to Apply Vault Encryption to a note
Vault Notes are available offline, so long as you have, at some point, downloaded the note content prior to going offline. They are comparable to standard notes in this regard. Amplenote initially populates the note list with every known note, but the note content is only cached for offline use after it has been fetched once. Caching Vault Notes to work offline requires providing the Vault Password when prompted.
To remove a note's designation as a "Vault Note", click "Remove Vault encryption".
You'll be prompted for your Vault password, after which your note will become a standard note.