Tuesday Tip: Secure your DEVONthink Data

We’re back from our Christmas holidays, have worked through the pile of email and are now back in the code mine, all engines full steam ahead!

And if you are, and you should be, interested in security, here’s a tip for you: DEVONthink Pro databases are, for various reasons, unencrypted, e.g. to let Spotlight access the files for indexing. To encrypt a database with industry-strength encryption create an encrypted disk image using Disk Utility and put your DEVONthink Pro database on it. To open the database you now need to mount the disk image and enter the password you used to create it. If you make an alias of the database and place it on your Desktop the Finder even mounts the disk image automatically when you double-click the alias to open the database.

For even more security (by obscurity) you can even hide the disk image! To keep the disk image icon appear on your Desktop when you mount it, open the Terminal and enter: “setfile -a V /Volumes/foo” (without quotes; replace “foo” with the name of your disk image; but the name from /Volumes through foo in double-quotes of the name contains spaces). Press the Return key when done. Thank you to Trev Copland for this nice tip!

10 Responses to “Tuesday Tip: Secure your DEVONthink Data”

  1. Stephan says:

    I think the title should be edited to match the actual tip – it doesn’t mention any scanners that work with DT, but is a very good piece on security.

  2. Ron says:

    You can also use a shareware application named Espionage (http://www.taoeffect.com/espionage/). Switched to this from another application because it prompts me for the passphrase to open the encrypted folder when I am laucnhing the application.

  3. Eric says:

    Ehrr, yes, one should update the headline when changing the subject of the article while writing 🙂 Thank you!

  4. alex says:

    Why go through all of this when you can just switch on FireVault? Sure, it has it flaws but for 99% of the users it is strong enoug.

  5. Leslie says:

    One additional tip to add. Remember that DevonThink handles multiple dbs with ease.

    I created a separate db specifically to hold the items I want protected/encrypted. This way I only have to bother with the trivial mounting process on the rare occasions when something needs to be added.

    As for an application like Espionage, just remember it doesn’t play as nicely with TimeMachine as sparse bundle will and you are relying on a 3rd party for support should something happen to your encrypted folder.

  6. Michael Prescott says:

    I think it would be nicer to just offer encryption as a toggled check-box preference.

  7. David Browlowsky says:

    Why isn’t there jsut a note by note encryption option just like in other note application like Soho, Yojimbo or Together ?

  8. Eric says:

    This would break searchability through Spotlight and if we do it, we want to do it well. This is on our to-do list for future improvements.

  9. Dru says:

    I would also like to have item by item encryption. The comment that “this would break searchability through Spotlight” is exactly the point, you don’t wan’t encrypted content to be searchable. I will switch from Yojimbo when this is added.

  10. I wish I knew more about applescript / Ruby / Python etc I would create a plugin or scripts to use PGP/GPG with Devonthink. This way one would not need to worry about the implementation of the encryption in DT just GPG. the guys at the gpgtools project https://www.gpgtools.org/ have a lot of good work going on and maybe we could tap a resource there..

    I just think that a plugin solution for encryption would be the most versatile those who need it include it.. those who don’t are un affected.