Hey lovely people Well, this took quite a bit longer than expected, but it’s finally here - a Template Doc that allows you to implement per-row encryption in your own Coda docs that’s performant, user-friendly, and seriously secure.
I’ve included a setup guide that allows you to customize your own setup, and get up and running in a few minutes without any technical knowledge or prior experience. Feel free to use it however you’d like; it’s my small way of giving back to the amazing community who I’ve learned so much from.
If you’ve got any questions or need some support, feel free to comment on this post or pop me an email. Here it is, Dear Diary… The Encryption Template:
So what took so long?
I’ve been totally blown away by the response to my last community post, Encryption in Coda: Can you keep a secret?. After 9 days, it became the most viewed post by a community member over the last year, and right now it’s not far away from overtaking even the Coda 3.0 announcement post. Holy cow!
Given the response, I knew that making the solution into an easy-to-use template could be something that the community would find helpful. It also gave me a good reason to look at an issue that Paul had pointed out. The fatal flaw in CYKAS was that I wasn’t successfully working around Row Activity and Version History. To explain, whenever you edit anything within a table in Coda, that update is saved to the row’s “Row Activity” - an audit trail of all revisions. Version History is a similar feature which saves regular snapshots of your doc for backup purposes, allowing you to easily roll-back your doc to a previous snapshot. Both are fantastic features of the platform, but work against us in this particular case.
The problem then became how do we allow users to enter sensitive information into Coda (so that we can encrypt it for them) without ever actually saving that information to the doc? I pretty quickly figured out that forms were going to be a key part of that solution. What’s great about forms is that whatever you enter is only saved to the doc when you click [Submit] at the bottom of the form. This gives us a secure sandbox where the users’ actions aren’t logged - they can enter whatever sensitive information they want and as long as that information is cleared before they click [Submit] then it’ll never be stored to the table and hence will never be backed up to Coda’s servers.
Unfortunately, life is not that simple. Forms were a big part of the final solution but they had their own quirks which I needed to work around. In the end, I had to use pretty much every trick I had up my sleeve, but I finally cracked it. I hope you’ll agree that the final solution is elegant and user friendly.
There are a few other updates that improved performance by around 33%, and squashed a few edge-case decryption bugs. And of course the final solution needed to be portable, so that even users on Coda’s Free Plan could use it without running over their allocated limits.
As always, I’ve documented everything I learned along the way, so the template serves a secondary purpose of sharing whatever lessons, tips and tricks I picked up. There are also a ton of fun UI tricks I’ve been desperate to post, a tribute to a personal hero of mine, and some insider secrets that really shouldn’t get into the wrong hands…