Org-mode needs to be loaded as
org-crypt is bundled along with the package but isn't loaded by default.
Once that's done, we can now laod up
We have to deal with autosaving as we don't want unencrypted data to get to the disk. We'll keep it disabled in buffers that make use of the module. We will set the
'encrypt which re-encrypts on ever autosave so unencrypted data doesn't get on disk which is good, but it also reverts the buffer back to the encrypted version which can be annoying. This is price to pay for good security I suppose.
(org-crypt-use-before-save-magic) (setq org-crypt-disable-auto-save 'encrypt)
We must either specify a Key ID from GnuPG or keep the value
nil to use symmetric encryption.
(setq org-crypt-key user-mail-address)
We need to specify which tag to use for encrypting org headings. We will make use of #ENCRYPTED.
(setq org-crypt-tag-matcher "ENCRYPTED")
DO NOT let this tag be inherited. It will cause
org-encrypt having encrypted text inside of encrypted text.
(add-to-list 'org-tags-exclude-from-inheritance org-crypt-tag-matcher)
Finally we need to provide this module.