Dear Diary... The Encryption Template

Hey lovely people Well, this took quite a bit longer than expected, but it’s finally here - a Template Doc that allows you to implement per-row encryption in your own Coda docs that’s performant, user-friendly, and seriously secure.

I’ve included a setup guide that allows you to customize your own setup, and get up and running in a few minutes without any technical knowledge or prior experience. Feel free to use it however you’d like; it’s my small way of giving back to the amazing community who I’ve learned so much from.

If you’ve got any questions or need some support, feel free to comment on this post or pop me an email. Here it is, Dear Diary… The Encryption Template:

So what took so long?

I’ve been totally blown away by the response to my last community post, Encryption in Coda: Can you keep a secret?. After 9 days, it became the most viewed post by a community member over the last year, and right now it’s not far away from overtaking even the Coda 3.0 announcement post. Holy cow!

Given the response, I knew that making the solution into an easy-to-use template could be something that the community would find helpful. It also gave me a good reason to look at an issue that Paul had pointed out. The fatal flaw in CYKAS was that I wasn’t successfully working around Row Activity and Version History. To explain, whenever you edit anything within a table in Coda, that update is saved to the row’s “Row Activity” - an audit trail of all revisions. Version History is a similar feature which saves regular snapshots of your doc for backup purposes, allowing you to easily roll-back your doc to a previous snapshot. Both are fantastic features of the platform, but work against us in this particular case.

The problem then became how do we allow users to enter sensitive information into Coda (so that we can encrypt it for them) without ever actually saving that information to the doc? I pretty quickly figured out that forms were going to be a key part of that solution. What’s great about forms is that whatever you enter is only saved to the doc when you click [Submit] at the bottom of the form. This gives us a secure sandbox where the users’ actions aren’t logged - they can enter whatever sensitive information they want and as long as that information is cleared before they click [Submit] then it’ll never be stored to the table and hence will never be backed up to Coda’s servers.

Unfortunately, life is not that simple. Forms were a big part of the final solution but they had their own quirks which I needed to work around. In the end, I had to use pretty much every trick I had up my sleeve, but I finally cracked it. I hope you’ll agree that the final solution is elegant and user friendly.

There are a few other updates that improved performance by around 33%, and squashed a few edge-case decryption bugs. And of course the final solution needed to be portable, so that even users on Coda’s Free Plan could use it without running over their allocated limits.

As always, I’ve documented everything I learned along the way, so the template serves a secondary purpose of sharing whatever lessons, tips and tricks I picked up. There are also a ton of fun UI tricks I’ve been desperate to post, a tribute to a personal hero of mine, and some insider secrets that really shouldn’t get into the wrong hands…

Jono you are definitely a rockstar when it comes to making docs! Your password help took my IT platform to a higher level and this one will no doubt make that even more so. I love the passion you have for these challenges and the amazing work you do. Thank you so much for your help in the past and for producing these amazing docs. Cant wait to see what you will do next!

well @Jono_Bouwmeester,

you have done it again. in fact you have excelled yourself.

so many new techniques and tricks on top of solving the central problem of never revealing the plain text to the coda server side at all.

and may i say that your short manafesto about being an OPS DEVELOPER, echoed in my heart

very well done indeed

respect
max

Gents, thank you for the kind words. Hope you manage to find the template useful, or at least some aspect of the doc.

@Terry_Stagg, now that I can put encryption to rest, I’m working on such a fun demo next. Watch this space. I’d give a time estimate, but I think my track record is 0% accuracy on time estimations at the moment! I guess you’ll have to just watch this space.

@Agile_Dynamics , I’m so glad you enjoyed that ops dev passage - after @Brian_Sowards brought that up in our last Zoom, it’s been bouncing around my head ever since.

That is some motherlode of tricks!

Love how you change the content of the page dynamically depending on the simple/advanced switches. And the “in progress” spinner in the buttons is super on spot!

Paul, is it weird that I want to print out this comment and frame it on my wall? A compliment from you is hugely flattering - I think most of my tricks are some variation or combination of something I’ve learned along the way from you. Anyways, glad you enjoyed the doc. I’m working on something really fun which I’ll publish soonish… watch this space!