WIKI_VAULTS
stan44 edited this page 2026-02-22 02:29:36 -06:00

Vaults and Data Handling

This page summarizes how Project Journal handles encrypted vault storage and decrypted working data.

Storage Model

  • Encrypted vault files live in journal/vault/
  • Decrypted working files live in journal/data/
  • Vault format is monthly: YYYY-MM.vault

Encryption

  • AES-256-GCM for vault payload encryption
  • PBKDF2-HMAC-SHA256 key derivation
  • Encrypted payload layout: salt + nonce + tag + ciphertext
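
The layout above as an added Python example, not Project Journal's own code from journal/core/encryption.py: it seals and opens one blob as salt + nonce + tag + ciphertext and rejects a wrong password or a modified file. Assumptions: the third-party cryptography package, a 16-byte salt, 12-byte nonce, 16-byte tag, 600,000 PBKDF2 iterations, and the hypothetical function names derive_key, seal and open_blob.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed parameters: the page names the fields but not their sizes or the PBKDF2 cost.
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN
PBKDF2_ITERATIONS = 600_000


def derive_key(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 stretched to the 32-byte key AES-256 needs."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )


def seal(password: str, plaintext: bytes) -> bytes:
    """Encrypt and return salt + nonce + tag + ciphertext."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)  # fresh per save
    sealed = AESGCM(derive_key(password, salt)).encrypt(nonce, plaintext, None)
    # The library returns ciphertext || tag; the vault layout stores the tag first.
    ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    return salt + nonce + tag + ciphertext


def open_blob(password: str, blob: bytes) -> bytes:
    """Split the layout, verify the GCM tag, and return the plaintext."""
    if len(blob) < HEADER_LEN:
        raise ValueError("blob is shorter than salt + nonce + tag")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    tag = blob[SALT_LEN + NONCE_LEN:HEADER_LEN]
    ciphertext = blob[HEADER_LEN:]
    try:
        return AESGCM(derive_key(password, salt)).decrypt(nonce, ciphertext + tag, None)
    except InvalidTag:
        # GCM cannot distinguish a wrong key from a modified file; nothing is released.
        raise ValueError("wrong password or modified vault") from None


if __name__ == "__main__":
    entry = b"# 2026-02-22\nConstructed sample journal entry.\n"  # constructed input
    blob = seal("correct horse battery staple", entry)
    assert open_blob("correct horse battery staple", blob) == entry
    print(len(blob) - len(entry), "bytes of overhead")
```

Because the salt and nonce are drawn fresh on every call, sealing the same month twice yields different bytes, so a changed vault file does not by itself indicate changed content.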

Vault Workflow

Load

When loading vaults:

  1. Decrypted data workspace is cleared
  2. All monthly vaults are decrypted/extracted
  3. Journal files are available for active editing/search

Save

Two save patterns exist:

  • Current-month optimized save (faster in-session saves)
  • Full vault rebuild from decrypted markdown files (comprehensive)

Security Notes

  • Decrypted files are intended to be temporary working data.
  • Graceful shutdown path clears decrypted workspace.
  • Keep backups of encrypted vault files, not decrypted data.

Operational Recommendations

  • Always run controlled shutdown to trigger cleanup.
  • Use strong vault passwords.
  • Store vault backups on trusted storage.
  • Test restore procedures periodically.
  • journal/core/storage.py
  • journal/core/encryption.py
  • journal/core/config.py