date | description | mp-syndicate-to | post_meta | preview | tags | title | type | url
---|---|---|---|---|---|---|---|---
2022-02-13 10:08:02+00:00 | What are some good FOSS and paid tools for storing and sharing practical-but-personal info about your household with family? | | | /social/13098d7e5b92b41464588160d704426ac91479f7b1fac72b0fd9c8c2181decb2.png | | Finding a Secure Knowledge Management Solution for Running a Household in 2022 | posts | /2022/2/13/running-a-house-knowledge-management
In episode 6 of #100DaysToOffload I've been playing with some strategies for running the house with my wife.
"Do you have the login for the car insurance?"
"Which home insurance provider are we with now? I just spilled red wine on the carpet"
"What day does the mortgage come out of our joint account?"
These are questions, particularly that 2nd one, that I want to be able to answer at the drop of a hat. However, there are also a couple of other key constraints:
1. Either one of us must be able to find the answer to these questions if the other person is not around (I travel for work and of course, we have to consider emergency situations where one of us is incapacitated).
2. These systems must not compromise our personal security - I don't want fraudsters and hackers knowing my life insurance policy number.
3. This system must be easy to access in an emergency. If, hypothetically, there's a burst water main at home while I'm away travelling or I've been in a car accident and I need to find my insurance details, I don't want to be frantically searching for important information in a flustered state wondering which "safe place" I've left it in.
Unfortunately, 1 and 3 are somewhat in direct conflict with 2, since ease of access requires fewer barriers, which kind of implies less security.
Solution 1: Physical Notebooks
I'm a big fan of bullet journalling and I'll often carry a scratch pad and a pen around with me to record things as they unfold. However, there are a few problems with this approach. Firstly, only the person in possession of the notebook can access it at any given time (that's a strike for 1). It only works for 3 if I haven't mislaid it or it wasn't damaged/destroyed in the emergency. And if I leave my bag on a train (hopefully unlikely, but there's a first time for everything) or have it stolen, then 2 is out of the window, unless my wife and I were able to read and write in some kind of secure cypher like fictional savants straight out of an Arthur Conan Doyle novel.
Solution 2: Personal Wiki
I've been using DokuWiki and more recently BookStack as personal Zettelkasten-like knowledge management repositories for years. I really like the simplicity (in setup, computational requirements and usage) of DokuWiki and I like the look, feel and user experience of BookStack (the integration with draw.io is fab).
Both systems would give my wife and me easy access to documents that we can both control without the other person being around to assist with access (1: tick).
I run all my web applications behind Caddy with TLS encryption enabled for all requests, and both wiki systems have comprehensive access control and permissioning systems. However, DokuWiki stores wiki data in flat text files and BookStack in MySQL records, and there's something that gives me the heebie-jeebies about storing very personal information un-encrypted on a web-facing server, even if it's otherwise locked down from a NAT security point-of-view. DokuWiki does seem to have an end-to-end client-side encryption plugin, but even the developer warns not to use this plugin in place of "a password manager or peer reviewed cryptography tools". BookStack offers some advice on security and offers MFA via authenticator apps, and I suppose I could encrypt the MySQL/MariaDB database. 2 gets a more dubious tick.
3 is an interesting one here: neither wiki solution would work in an emergency where we don't have internet access (or where, for some reason, the server hosting the wiki was unavailable). There is an app that generates a local mirror of a DokuWiki on your Android phone, and the DokuWiki sync plugin can be used to make local copies on my and my wife's phones and computers. However, this doesn't feel like the most usable solution. BookStack has documentation on how you can back it up and restore it, but again this is probably not something my wife or I would want to be faffing about with regularly.
Solution 3: Password Manager
It's not FOSS and it's owned by private equity but they do have a family account offering where two members of the same family can share passwords and secure notes. I could also use Bitwarden, who have an open core business model. In both cases the software is easy-ish to use (1: tick) and syncs a local database of passwords to and from your device, so you at least have offline access in an emergency (3: tick). You'd think that security would be something that a password management system would do very well, so I would hope that 2 would also be a tick.
The only thing that puts me off is specifically the user experience of navigating around the knowledge-base. These products are designed as password managers, not note-taking platforms, so they're not geared up for things like links between documents - you have to know which file you're searching for in advance, whereas I'd like the ability to lay out inter-connected pages that are easy to navigate between.
Solution 4: Notes Apps
I used to be a big fan of Evernote but in the last few years a lot of competitive alternatives have become available. In recent times I've really enjoyed using Joplin which is a mature FOSS note taking app with pretty much all of the features Evernote had 5 years ago as well as being fast and relatively lightweight (although it is an Electron app so it does seem to like to nom RAM).
We can both install the app on our phones and laptops and easily have access to our notes anywhere any time and assuming we've done a recent sync, we should have access to everything even without internet access (1 and 3, tick).
So what about 2? Well, Joplin offers offline access to your notes and end-to-end encryption (notes are stored encrypted at rest and during sync), so tick, right? Not quite... the only downside for using Joplin in my "running the house" pattern is that [sharing encrypted notes is not yet supported](https://discourse.joplinapp.org/t/how-does-joplin-cloud-hanle-encryption-when-note-or-notebook-is-shared/19075/3). So, whilst synchronization is all done over HTTPS/TLS, my personal information could potentially be stored un-encrypted on the Joplin server before being downloaded by my wife.
Whilst I really like Joplin, I feel like its UX is not as polished as something like BookStack or even closed source stuff like Notion.
Conclusion
No solution perfectly satisfies all 3 of my constraints, but it seems like a combination of a notes app or personal wiki with a password manager could be the answer. For example, a wiki page about our utilities companies with links to the relevant entry in a password manager that contains the confidential/personal information like policy numbers, passwords etc.
I'd also love to hear from readers about potential solutions I've not considered or challenges I've overlooked.