Serve encrypted images in Vault Notes

12 votes

As described at, it is implausible that an actor could discover Amplenote images, but there is the potential that an Amplenote image could be leaked if its author were to share the image URL somewhere where it could be picked up by a scraper. For this task, we could guard against this possibility by generating image data that would be E2E encrypted (with vault-password-derived key) so even if URL is guessed it would be useless (and Amplenote can't decrypt, just like with vault note content).

Under consideration security Suggested by: Bill Upvoted: 27 Nov, '23 Comments: 1

Comments: 1