Comment by redgridtactical

9 days ago

The read-only past is a really smart design choice. I build local-first apps and it's always tempting to add edit-everything flexibility, but constraints like this are what keep a tool focused and actually useful.

How does the Supabase sync work with the E2E encryption? Client-side encrypt before anything leaves the browser?

Thanks! Exactly, client encrypts before syncing. Decryption keys are wrapped/encrypted with your password. If you change the password, only the decryption keys are re-encrypted, not your notes.

  • Smart approach with the key wrapping. Re-encrypting every note on a password change would be brutal at scale. Do you have a recovery path if someone forgets their password, or is it truly zero-knowledge where the data is just gone?

    • Assuming the user still has access to their browser, the data would still be accessible locally (and I’m planning to add an export function too).
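
The key-wrapping scheme discussed in this thread, as an added example that is not part of the thread or the app's own code: a random data key encrypts notes, and only that key is wrapped under a password-derived key, so a password change re-wraps one key and leaves note ciphertext untouched. PBKDF2-SHA-256, AES-GCM, the iteration count and every function name here are assumptions; the thread does not say which algorithms the app uses.

```javascript
// Added example (WebCrypto). Algorithms and all names are assumptions.
// In browsers globalThis.crypto exists; the require() fallback is for older Node.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();
const PBKDF2_ITERATIONS = 600000; // assumed work factor

// Derive a key-encryption key (KEK) from the password. It never touches notes.
async function deriveKek(password, salt) {
  const material = await wc.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}

// Wrap the data key under the KEK; salt and IV are stored beside the wrapped blob.
async function wrapDataKey(dataKey, password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const kek = await deriveKek(password, salt);
  return { salt, iv, wrapped: await wc.subtle.wrapKey('raw', dataKey, kek, { name: 'AES-GCM', iv }) };
}

// Rejects on a wrong password because the AES-GCM tag check fails.
async function unwrapDataKey({ salt, iv, wrapped }, password) {
  const kek = await deriveKek(password, salt);
  return wc.subtle.unwrapKey('raw', wrapped, kek, { name: 'AES-GCM', iv },
    { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
}

async function encryptNote(dataKey, text) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  return { iv, ct: await wc.subtle.encrypt({ name: 'AES-GCM', iv }, dataKey, enc.encode(text)) };
}
async function decryptNote(dataKey, { iv, ct }) {
  return dec.decode(await wc.subtle.decrypt({ name: 'AES-GCM', iv }, dataKey, ct));
}

// Password change: unwrap with the old password, re-wrap with the new one.
async function changePassword(envelope, oldPw, newPw) {
  return wrapDataKey(await unwrapDataKey(envelope, oldPw), newPw);
}

// Constructed demo: the note is encrypted once and never re-encrypted.
async function demo() {
  const dataKey = await wc.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const note = await encryptNote(dataKey, 'constructed sample note');
  const after = await changePassword(await wrapDataKey(dataKey, 'old-password'), 'old-password', 'new-password');
  const text = await decryptNote(await unwrapDataKey(after, 'new-password'), note);
  const oldStillWorks = await unwrapDataKey(after, 'old-password').then(() => true, () => false);
  return { text, oldStillWorks };
}
```

Re-wrapping does not rotate the data key: anyone who kept a copy of the old wrapped blob and knows the old password can still recover the same key, so a password change made after a suspected compromise also needs a new data key and re-encryption of the notes.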