Secret Blocks
Secret blocks let you store encrypted values — passwords, API keys, tokens — inline within your markdown notes. They’re encrypted individually with AES-256-GCM and stored as ciphertext in the .md file.
Syntax
Section titled “Syntax”Secret blocks use a fenced syntax with the :::secret directive:
:::secret[Label]your-secret-value:::On save, the plaintext value is encrypted and replaced with the ciphertext:
:::secret[Database Password]enc:v1:aGVsbG8gd29ybGQ...:::Creating Secrets
Section titled “Creating Secrets”Using Templates (Recommended)
Section titled “Using Templates (Recommended)”Press Cmd+Shift+S / Ctrl+Shift+S to open the secret template picker. Available templates:
| Template | Fields |
|---|---|
| Password | Label, value |
| API Key | Label, key |
| Credit Card | Number, expiry, CVV, name |
| SSH Key | Label, private key |
| Env Variable | Variable name, value |
| License Key | Label, key |
| Recovery Code | Label, codes |
| Custom | Label, value |
Manual Syntax
Section titled “Manual Syntax”You can type the :::secret fence directly in the editor:
:::secret[My API Key]sk-abc123def456:::Viewing and Copying
Section titled “Viewing and Copying”- Click a locked secret card to reveal its value.
- Click “Copy” to copy the value to your clipboard (auto-cleared after 30 seconds).
- Secrets auto-hide after 30 seconds of being revealed.
- Click again or press Escape to re-lock immediately.
Security Details
Section titled “Security Details”- Each secret block is encrypted with a unique nonce (AES-256-GCM).
- Secret values are encrypted — labels remain plaintext for searchability.
- The encryption key is derived from your master password via Argon2id.
- Decrypted values are zeroed from memory when a card is collapsed or the vault is locked.
- Secret values are never indexed by the search engine — only labels are searchable.