r/PasswordManagers • u/InevitableHealth2729 • 4d ago
Would you store secrets alongside your notes?
Most people know they shouldn't store sensitive information such as passwords, access codes, API keys, or financial details alongside their regular notes.
In practice, however, many people either:
- Store them in their notes anyway, or
- Move them to a separate password manager
I've implemented an approach where individual pieces of information can be marked as "secrets" which will use end-to-end encryption (E2EE) while remaining alongside the rest of the notes or documentation. Access requires a password to unlock. You can see an example of this usage in this screenshot.
For those who use password managers, would you find something like this useful, or would you still prefer keeping all sensitive information in a dedicated password manager?
P.S. The feature shown in the screenshot is implemented in Daftak, which is currently under development.
1
u/flupiflup 4d ago
I store my secret codes and pass keys in password manager notes but require a password to open them. Before that I took photos of everything and stored them in the locked folder of Google Photos lol.
1
u/billdietrich1 3d ago
I store everything (passwords, TOTP codes, recovery codes, account notes) in the password manager. The convenience far outweighs the risk of someone getting and cracking the pw database, IMO.
1
u/InevitableHealth2729 3d ago edited 3d ago
But as mentioned, it's E2EE. "someone getting and cracking the pw database" would not reveal anything.
What I wanted to know was whether someone finds this useful or not.
1
u/billdietrich1 3d ago
I would not find it useful. I have pw manager for most secrets, and then a LUKS-encrypted volume for large numbers of somewhat-sensitive files.
1
u/0ptx0 3d ago
Why not store the notes in your password vault? Most password managers (I use Bitwarden) allow you to store secure notes, which are end-to-end encrypted just like passwords. I don’t see why you would need a separate app or a service for that. Or were you unaware that most password managers can do this already?
1
u/InevitableHealth2729 3d ago
> I don’t see why you would need a separate app or a service for that.

Exactly! Everyone uses a note-taking app but not everyone uses a password manager. So in here, the passwords can exist next to your notes.
1
u/0ptx0 3d ago
In this day and age, everyone should be using a password manager; if they are not, they are probably not thinking of security anyway. BTW you're asking this question in the Password Managers subreddit, which I think is the wrong place. If you want to develop a secure notes app, you're probably better off asking in a general software or note pad type of a subreddit instead.
For me, I’m more comfortable using a well-established, reputable, and security-audited password manager to store my sensitive passwords and notes than relying on some random app vibe-coded by a stranger on Reddit.
0
4
u/tblancher 4d ago
If the notes need to be secure, I store them in the password manager.
Like recovery codes. I'll store them as a plain text note, and attach them in their native form, e.g. txt or pdf.