Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/xwmx/nb/llms.txt

Use this file to discover all available pages before exploring further.

nb lets you protect individual notes and bookmarks with a password at the moment of creation. Encrypted items are stored on disk with an .enc extension and are decrypted in memory only when you view or edit them — your password is never stored anywhere by nb. This makes it safe to sync encrypted notes to a remote Git repository or a cloud syncing service without exposing their contents.

Creating an Encrypted Note

Add the -e / --encrypt flag to nb add to create a password-protected note. nb will prompt you to set a password before the file is written to disk:
# create a new encrypted note and open it in your editor
nb add --encrypt

# create an encrypted note with a title
nb add --title "Secret Document" --encrypt

# shorthand flag
nb add -e
The resulting file is stored with an .enc extension:
 nb ls
home
----
[3] 🔒 encrypted-note.md.enc
[2] 🔖 Example Bookmark (example.com)
[1] example.md
The 🔒 indicator identifies encrypted items in all listing views.

Creating an Encrypted Bookmark

Bookmarks can be encrypted in the same way using the -e / --encrypt flag:
# create a password-protected, encrypted bookmark
nb https://example.com --encrypt
Encrypted bookmarks appear with both the bookmark and lock indicators:
 nb ls
home
----
[3] 🔒 encrypted-note.md.enc
[2] 🔖 Example Bookmark (example.com)
[1] 🔖 🔒 encrypted.bookmark.md.enc

Viewing Encrypted Notes

When you view, open, or peek at an encrypted item, nb prompts for the password before displaying the content:
# view an encrypted note (prompts for password)
nb show 3

# open an encrypted bookmark in the browser (prompts for password)
nb open 1
nb open and nb peek work seamlessly with encrypted bookmarks — nb simply prompts for the password before proceeding.

Editing Encrypted Notes

nb edit handles the full encrypt–edit–re-encrypt cycle automatically:
  1. Prompts for the note’s password.
  2. Decrypts the content and opens it in your editor.
  3. Re-encrypts the updated content and saves the new version when you close the editor.
# edit an encrypted note
nb edit 3
Each encrypted item has its own independent password. There is no master password or keyring — losing the password for an item means that item cannot be decrypted.

Encryption Tool Configuration

nb uses OpenSSL with AES-256 encryption by default. GPG is also supported. Change the tool with nb set encryption_tool:
nb set encryption_tool openssl
OpenSSL is available on virtually every Unix-like system and requires no additional setup. Encrypted files can be decrypted with the openssl command line tool independently of nb.
The $NB_ENCRYPTION_TOOL environment variable also controls the tool:
# in your shell profile or .env
export NB_ENCRYPTION_TOOL=gpg   # or openssl
VariableDefaultSupported Values
$NB_ENCRYPTION_TOOLopensslopenssl, gpg

Portability: Decrypting Without nb

Because nb uses standard tools for encryption, you are never locked in. Encrypted files can be decrypted directly from the command line using the same tool that created them — no dependency on nb required.
Keep your passwords safe. nb does not store, cache, or recover passwords. If you forget the password for an encrypted note, the content cannot be recovered.

How Encryption Interacts with Git Sync

Encrypted notes are binary files from Git’s perspective. When a sync conflict occurs on an encrypted note, nb cannot perform a text merge. Instead, it saves both versions as separate files in the notebook — appending --conflicted-copy to the remote version’s filename. Resolve the conflict by comparing both files, combining them manually, and deleting the --conflicted-copy file.
To avoid sync conflicts on encrypted notes, avoid editing the same encrypted note on two devices before syncing. Run nb sync before and after editing on each machine.

Build docs developers (and LLMs) love