StandardNotes with GitHub

April 30, 2018

The GitHub Push Extension is quite good.

Create a GH token and paste into the field in the footer (created by the extension). When I created the token I associated it with 'full access' - I'm not sure anything else would work, especially with private repositories.

In the note you want to commit, pick a repository from the drop-down list, optionally enter a diectory name in the 'Directory' field, change the file extension (I changed the default txt to md), optionally add a commit message and click 'Push Changes'.

I found that this worked perfectly. The directory name I entered was used to create a directory in the root of the repository and the note was committed and pushed. I opened the repository in the browser and there was the file. It rendered perfectly (as you'd expect).

A few things I noticed:

  1. The repository, directory and file extension values are static. Once you have pushed changes in one note and navigated to another, the values remain the same but the association is lost. It would be nice if, when returning to a note, the Repository, Directory and File Extensions previously used for that note were restored so I can continue editing and then simply click push again to have the same GH file update with the note changes.
  2. The panel containing the GH Push fields cannot be enlarged - below a certain size, scrollbars appear which look horrible, cause clipping of the panel contents and make selection fiddly. A horizontal splitter would be nice, so the user could give the panel more space. It would also be good to have some way to hide and reveal the panel.
  3. The list of repositories appears to be static: it doesn't refresh unless you logout (clicking the Logout link in the panel) and login again.
  4. There's no way to select an existing directory in the 'Directory' field - I must know the directory structure and type the directory path accurately every time.

Wouldn't it be great if notes could be opened directly from a GitHub repo, into StandardNotes? This is a feature I would vote for.

But this brings me on to an obvious and serious issue with GH integration. The characteristic feature of StandardNotes is security: all notes encrypted locally, in transit and in the cloud. As soon as you start pushing to GitHub with this extension, the security almost evaporates. Users will have to take particular care which note they are editing when clicking 'Push Changes'. In point (1) above I noted that the repository and directory settings are static: navigating from one note to another doesn't clear them. If you navigate to a note with sensitive content, you are one click away from pushing it to a GH repo, which will be public unless you're a paying subscriber and have made the repo private.

I'm very conflicted by this: the extension is genuinely useful, but terribly contradictory. It seems odd for the author to endorse an extension which has the power to undermine the fundamental, distinctive feature of his product.