There are many options for encrypting user credentials. Most are paid solutions. Even “Free” solutions quickly become paid when the number of credentials exceeds the small free limits. for free.

Browser based credential storage doesn’t work either because you can’t see the username and password. The password is simply stored in the browser on a single device.  Even if the tool works across devices, it usually lets you see the user name but not the password.

One solution that overcomes all of these problems and is quick and easy to access is Trello with the trello-encryption.js script and TamperMonkey.  TamperMonkey and trello-encryptions.js are required since Trello doesn’t encrypt data on its servers.

 

How does it work

Given its name and function, you might think that the trello-encryption.js script is part of Trello or an extension for Trello. It’s not. It’s JavaScript that runs in a browser and intercepts data when on a Trello page. It then encrypts the intercepted data, encrypts it using a desired password, and passes the encrypted data to Trello as though the user had entered the encrypted data by hand.

Because of this, Trello can remain totally independent app without ever having to know about trello-encryption.js or TamperMonkey

This script will encrypt text in the following fields

  • Checkboxes
  • Comments
  • Titles
  • Description

Since this approach relies on a javascript file being run in the browser, while viewing Trello boards, it will not work on mobile devices, using native apps-since the javascript won’t be running

Exploring trello-encryption.js

The following procedure will show you how to use the out-of-the-box trello-encryption.js script for encrypting sensitive data using Trello.

  1. Download TamperMonkey for Chrome
    1-hoverdroids-trello-encryption-tampermonkey
  2. Open the TamperMonkey Extension -> Open the TamperMonkey Dashboard
    2-hoverdroids-trello-encryption-tampermonkey-open-dashboard
  3. Copy the trello-encryption.js script from the bottom of this page
    3-hoverdroids-trello-encryption-copy-trello-encryption-js
  4. Create a new script file in TamperMonkey -> Paste the trello-encryption code into the file -> Save the trello-encryption.js file into TamperMonkey
    4-hoverdroids-trello-encryption-paste-trello-encryption-js-tampermonkey
  5. The trello-encryption.js script will automatically be enabled. But, to see how it works, disable it for now.
    5-hoverdroids-trello-encryption-turn-off-trello-encryption-in-tampermonkey
  6. Go to the encrypted Trello board to see what it looks like when encryption is disabled. Notice that most cards show long strings of non-sense and random characters. This is what it looks like when data was entered while encryption was on. Also notice that the card on the bottom left is readable text. This is what it looks like when data was entered while encryption was off.The take-away here is that you can store encrypted data and encrypted data in the same boards, lists, and cards simply by enabling/disabling the trello-encryption script and refreshing the page.
    6-hoverdroids-trello-encryption-trello-board-encrypted
  7. Now, return to TamperMonkey and enable the trello-encryption.js script
    7-hoverdroids-trello-encryption-turn-on-trello-encryption-in-tampermonkey
  8. Refresh the page for the encrypted Trello board and notice that the previously encrypted data is now completely readable text.
    8-hoverdroids-trello-encryption-trello-board-decrypted

Customizing trello-encryption.js

The default trello-encryption.js script will encrypt data on all boards that you access in a browser running the script, using the default password of “password”.  Since this isn’t desireable, the following procedure explains how to change the password used for encryption and limit which boards will be encrypted.

  1. Log into your Trello account
  2. Create a new private board called Sensitive Credentials
    9-hoverdroids-trello-encryption-create-user-credentials-board
  3. Copy the Sensitive Credentials url
    10-hoverdroids-trello-encryption-copy-encrypted-board-url-
  4. Open TamperMonkey -> Edit the trello-encryption.js script
    11-hoverdroids-trello-encryption-edit-trello-encrypted-on-tampermonkey
  5. Change the default password to a desired password
    14-hoverdroids-trello-encryption-update-password
  6. Replace “@include http://trello.com/* with “@include http://{the board url}.
    Replace “@include https://trell.com/* with “@include https://{the board url}.
    Save.
    12-hoverdroids-trello-encryption-limit-ecryption-to-sensitive-credentials-board
  7. To prove that the board is encrypted, go to your Sensitive Credentials board and refresh the page – so that the script loads after the changes. Create a new card and give it a title. When you save the card, you should notice a little “flicker” in the text. This is what it looks like when the script is encrypting the text. Now, disable the script in TamperMonkey and refresh the page for the Sensitive Credentials board. The card should now show the encrypted data.
    13-hoverdroids-trello-encryption-limit-ecryption-to-sensitive-credentials-board
  8. You can also prove that the script is disabled on all but the Sensitive Credentials board by enabling the script, going to the Trello Welcome Board, or any other board that was not included above, and entering credentials when trello-encryption is enabled and disabled. You should see that regardless of it being enabled, the text is always unencrypted
    14-hoverdroids-trello-encryption-non-encrypted-board
  9. Finally, remember that when you enter text and save, trello-encrypted.js grabs the text, encrypts it using the password in your instance of the script, and then saves it to the Trello database as an encrypted string. If you try read data on a Trello board that was encrypted using a different password it won’t work; all you will see is encrypted data. To prove this, return to the encrypted Trello board that was previously decrypted and see that it is now encrypted.

Troubleshooting

The trello-encryption.js script works pretty well after it’s first setup and if you keep it enabled from then on. But, if you enable/disable it frequently, say to create hybrid boards that have encrypted and unencrypted data, you’ll eventually have encrypted data show as decrypted and vice versa.

The problem is that Trello moves around with AJAX and doesn’t refresh the page. Since the trell-encryption.js is only updated after a page refresh, the enabling/disabling in TamperMonkey won’t take effect until the next page refresh.

So, just enable/disable and refresh the page before entering data and the script will work as expected.

Download trello-encryption.js

The following trello-encryption.js script was downloaded from this trello board. The script is captured here for quicker reference and just in case the Trello board is destroyed.