Upgrade StorageFeature Request: Support for confidential entries and attachments.
Working on industry projects, I find myself having files that I need to treat as confidential. It would be great to have some features in place to handle them better.
1.2 Encrypt Metadata. Depending on the industry partner and legislation, even sharing metadata about the documents may be an issue. This could be solved by encrypting data about confidential documents with a passphrase.
Ideally, it would be separated into a data-base stored encryption key, which is itself encrypted with the pass-phrase. This way changing the passphrase would be easier.
Current Workarounds. (a) Keep confidential files in a linked location using ZotFile. (b) Disable all attachment synchronization to prevent accidental uploads.
Better would be explicit support to avoid synchronizing things by accident.
This is undesirable; Instead it would be better to create a separate storage directory for confidential files, ideally in a user-specified directory.
It is also undesirable, because it removes the ability to use ZotFile for renaming files in storage: attachments.
2.2 End-to-end encryption of group libraries with a pass-phrase. This one I’m not personally interested in, but it might allow using group libraries with attached files for projects with confidentiality requirements.
1 Basic Ideas
1.1 Flag entries as confidential. Ad a feature, that allows to designate documents as confidential, e.g. as an itemID → Bool mapping in the database.1.2 Encrypt Metadata. Depending on the industry partner and legislation, even sharing metadata about the documents may be an issue. This could be solved by encrypting data about confidential documents with a passphrase.
Ideally, it would be separated into a data-base stored encryption key, which is itself encrypted with the pass-phrase. This way changing the passphrase would be easier.
2 Extended Ideas
2.1 Store attachments of confidential files separately. Legal/contract requirements may prevent sharing confidential files with any third party, or require unrealistic effort to allow it (e.g. requiring explicit clearance for any given cloud service, that might not be given on individual requests or take long to acquire).Current Workarounds. (a) Keep confidential files in a linked location using ZotFile. (b) Disable all attachment synchronization to prevent accidental uploads.
Better would be explicit support to avoid synchronizing things by accident.
This is undesirable; Instead it would be better to create a separate storage directory for confidential files, ideally in a user-specified directory.
It is also undesirable, because it removes the ability to use ZotFile for renaming files in storage: attachments.
2.2 End-to-end encryption of group libraries with a pass-phrase. This one I’m not personally interested in, but it might allow using group libraries with attached files for projects with confidentiality requirements.