mirror of
https://github.com/jackyzha0/quartz.git
synced 2025-12-19 10:54:06 -06:00
107 lines
3.1 KiB
Markdown
107 lines
3.1 KiB
Markdown
---
|
|
title: "Encrypt"
|
|
tags:
|
|
- plugin/transformer
|
|
encrypt: true
|
|
encryptConfig:
|
|
password: "quartz"
|
|
message: '^ Password is "quartz"'
|
|
---
|
|
|
|
This plugin enables content encryption for sensitive pages in your Quartz site. It uses AES encryption with password-based access control, allowing you to protect specific pages or entire folders with passwords.
|
|
|
|
> [!note]
|
|
> For information on how to add, remove or configure plugins, see the [[configuration#Plugins|Configuration]] page.
|
|
|
|
## Configuration
|
|
|
|
```typescript
|
|
Plugin.Encrypt({
|
|
algorithm: "aes-256-cbc", // Encryption algorithm
|
|
ttl: 3600 * 24 * 7, // Password cache TTL in seconds (7 days)
|
|
message: "This content is encrypted.", // Default message shown
|
|
encryptedFolders: {
|
|
// Simple password for a folder
|
|
"private/": "folder-password",
|
|
|
|
// Advanced configuration for a folder
|
|
"secure/": {
|
|
password: "advanced-password",
|
|
algorithm: "aes-256-gcm",
|
|
ttl: 3600 * 24 * 30, // 30 days
|
|
message: "Authorized access only",
|
|
},
|
|
},
|
|
})
|
|
```
|
|
|
|
> [!warning]
|
|
> Important security notes:
|
|
>
|
|
> - All non-markdown files remain unencrypted in the final build
|
|
> - Encrypted content is still visible in your source repository if it's public
|
|
> - Use this for access control, not for storing highly sensitive secrets
|
|
|
|
### Configuration Options
|
|
|
|
- `algorithm`: Encryption algorithm to use
|
|
- `"aes-256-cbc"` (default): AES-256 in CBC mode
|
|
- `"aes-256-gcm"`: AES-256 in GCM mode (authenticated encryption)
|
|
- Key length is automatically inferred from the algorithm (e.g., 256-bit = 32 bytes)
|
|
- `encryptedFolders`: Object mapping folder paths to passwords or configuration objects for folder-level encryption
|
|
- `ttl`: Time-to-live for cached passwords in seconds (default: 604800 = 7 days, set to 0 for session-only)
|
|
- `message`: Message to be displayed in the decryption page
|
|
|
|
## How Configuration Works
|
|
|
|
### Configuration Inheritance
|
|
|
|
Settings cascade down through your folder structure:
|
|
|
|
```typescript
|
|
encryptedFolders: {
|
|
"docs/": {
|
|
password: "docs-password",
|
|
algorithm: "aes-256-gcm"
|
|
},
|
|
"docs/internal/": {
|
|
password: "internal-password"
|
|
// Inherits algorithm from parent folder
|
|
}
|
|
}
|
|
```
|
|
|
|
In this example:
|
|
|
|
- `docs/page.md` uses `"docs-password"` with `"aes-256-gcm"`
|
|
- `docs/internal/report.md` uses `"internal-password"` but still uses `"aes-256-gcm"` (inherited)
|
|
|
|
### Configuration Priority
|
|
|
|
When multiple configurations apply, the priority is:
|
|
|
|
1. **Page frontmatter** (highest priority)
|
|
2. **Deepest matching folder**
|
|
3. **Parent folders** (inherited settings)
|
|
4. **Global defaults** (lowest priority)
|
|
|
|
## Security Features
|
|
|
|
### Password Caching
|
|
|
|
- Passwords are stored in browser localStorage
|
|
- Automatic expiration based on TTL settings
|
|
- Cached passwords are tried automatically when navigating
|
|
|
|
### Protection Levels
|
|
|
|
- **Content**: Entire page HTML is encrypted
|
|
- **Search/RSS**: Only generic descriptions are exposed
|
|
- **Navigation**: Encrypted pages appear in navigation but require passwords to view
|
|
|
|
## API
|
|
|
|
- Category: Transformer
|
|
- Function name: `Plugin.Encrypt()`
|
|
- Source: [`quartz/plugins/transformers/encrypt.ts`](https://github.com/jackyzha0/quartz/blob/v4/quartz/plugins/transformers/encrypt.ts)
|