/note256

Here's the thing. As developers, we've constantly been working with some kind of credential data mess: host configurations, deployment options, backup copies of certificate keys, & so on. Then, we need it all to be privately available online - to share with colleagues, client tech admins or those freelance guys.

What is the way all this data is being stored in a real-world process, 95% of cases? Sad but true, I tell you: something in a plain text file on a host; [or] inside dropbox/gdocs shared doc; [or] even buried into an email archive ("I had sent you the SSH pass few months ago"). This can not be considered a secure approach by any means.

And what is «secure» in our cloud-era? It should mean that no authorized third party can physically access your data, even the storage host itself. We've seen stories where a bad guy or a malware code gained root access to servers and was able to bypass the «outside» security measures - because, you know, it's a root. Data can be considered secure if it's accessible on authenticated client premise ONLY - which means, an industry-grade client security endpoint has to be implemented in your browser. So we did it.

Why you'll need this tool?

Features

• convenient and usable low-distraction UI. Perfectly suited for configs and raw material.
• AES-256 (=years of decoding) for everything. MD5 hashes for content markers. No exceptions.
• everything works inside a browser, no installation, on almost any device (do these smart watches already have web broswer?)
• precise document-applied encryption. You can define a password for every piece of content.
• a workspace. Security measures are no option to leave comfort behind.
• Unicode and I18N friendly. 虎穴に入らずんば虎子を得ず。
• No third party code or stats or metrics or GTM or pixels or whatever.
• Full GDPR and CCPA compliance because we don't even know your data existed.
• all docs have a shared «panel side» which can be optionally encrypted separately
• documents have inner structure, easily modified via project list
• you may have as many separate secure document spaces as you wish, just change the project access key on the fly

🤬 2022 Server Emergency Relocation

Sorry gyus, bad things happen. Due to AWS shitty political/economical mind twist, we have lost about a month of data updates, rolled back to august 2022 backup.

To be short, Amazon has nulled all our servers, all our hot-swap backups, all cold backups, everything on their infrastructure. Completely. No chance to re-create or restore. It was some political question which they mistaken in our case, assuming that we are suppose to somehow related to that RU-EU-Ukraine sanctions stuff. Totally secure and 100% encoded service, looks suspicious, are we?

All your data is still safe. But as restored from august.2022 very-cold-backups. I still have zero access to your data, so can't really say what is really happening inside your docs and workspaces. Hope the losses are not so big anyway, since we have no choice here.

And a week of downtime, because all security keys are gone too. Now restored (re-created), A-grade transport security (you could test it yourself at SSLTest).

Relocated to RU jurisdiction, since for now RU & China are only safe harbour, not really affected by political madness. Up and running. Ironic, isn't it? All data are encrypted at application level anyway, server-agnostic and with trusted open-source code.
Hope that will not happen again.

Stay safe.