diff --git a/.github/workflows/testing.yaml b/.github/workflows/testing.yaml
index d2ec4039..2976399f 100644
--- a/.github/workflows/testing.yaml
+++ b/.github/workflows/testing.yaml
@@ -20,6 +20,10 @@ on:
     - 'pyproject.toml'
     - '.github/workflows/testing.yaml'
 
+defaults:
+  run:
+    shell: bash # needed to prevent Windows from using PowerShell
+
 jobs:
   test:
     if: >
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 98a8c5bb..29898eca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,9 @@
 
 **Build:**
 
+- Windows CI behaving unreliable due to mismatch between Powershell & bash retrieving environment variables [\#1323](https://github.com/jrnl-org/jrnl/issues/1323)
 - Python 3.10 build action is failing on poetry dependency installation [\#1321](https://github.com/jrnl-org/jrnl/issues/1321)
+- Set bash as default shell [\#1324](https://github.com/jrnl-org/jrnl/pull/1324) ([micahellison](https://github.com/micahellison))
 
 **Packaging:**
 
diff --git a/jrnl/DayOneJournal.py b/jrnl/DayOneJournal.py
index 01b934e5..1e484365 100644
--- a/jrnl/DayOneJournal.py
+++ b/jrnl/DayOneJournal.py
@@ -32,6 +32,7 @@ class DayOne(Journal.Journal):
     def __init__(self, **kwargs):
         self.entries = []
         self._deleted_entries = []
+        self.can_be_encrypted = False
         super().__init__(**kwargs)
 
     def open(self):
diff --git a/jrnl/FolderJournal.py b/jrnl/FolderJournal.py
index b2b1bf49..23fdebd9 100644
--- a/jrnl/FolderJournal.py
+++ b/jrnl/FolderJournal.py
@@ -25,6 +25,7 @@ class Folder(Journal.Journal):
     def __init__(self, name="default", **kwargs):
         self.entries = []
         self._diff_entry_dates = []
+        self.can_be_encrypted = False
         super().__init__(name, **kwargs)
 
     def open(self):
diff --git a/jrnl/commands.py b/jrnl/commands.py
index 07ca0767..d765242a 100644
--- a/jrnl/commands.py
+++ b/jrnl/commands.py
@@ -13,6 +13,7 @@ avoid any possible overhead for these standalone commands.
 """
 import platform
 import sys
+from .exception import JrnlError
 
 
 def preconfig_diagnostic(_):
@@ -68,6 +69,13 @@ def postconfig_encrypt(args, config, original_config, **kwargs):
     # Open the journal
     journal = open_journal(args.journal_name, config)
 
+    if hasattr(journal, "can_be_encrypted") and not journal.can_be_encrypted:
+        raise JrnlError(
+            "CannotEncryptJournalType",
+            journal_name=args.journal_name,
+            journal_type=journal.__class__.__name__,
+        )
+
     journal.config["encrypt"] = True
 
     new_journal = EncryptedJournal.from_journal(journal)
diff --git a/jrnl/exception.py b/jrnl/exception.py
index 07bf9023..0bafbdeb 100644
--- a/jrnl/exception.py
+++ b/jrnl/exception.py
@@ -38,6 +38,13 @@ class JrnlError(Exception):
                 by at least {columns} in the configuration file or by using
                 --config-override at the command line
                 """,
+            "CannotEncryptJournalType": """
+                The journal {journal_name} can't be encrypted because it is a
+                {journal_type} journal.
+
+                To encrypt it, create a new journal referencing a file, export
+                this journal to the new journal, then encrypt the new journal.
+                """,
         }
 
         msg = error_messages[self.error_type].format(**kwargs)
diff --git a/tests/bdd/features/encrypt.feature b/tests/bdd/features/encrypt.feature
index 31d53520..02bff32f 100644
--- a/tests/bdd/features/encrypt.feature
+++ b/tests/bdd/features/encrypt.feature
@@ -28,15 +28,30 @@ Feature: Encrypting and decrypting journals
     # This should warn the user that the journal is already encrypted
 
 
-    Scenario: Encrypting a journal
+    Scenario Outline: Encrypting a journal
         Given we use the config "simple.yaml"
         When we run "jrnl --encrypt" and enter
             swordfish
             swordfish
             n
-        Then we should see the message "Journal encrypted"
+        Then we should get no error
+        And we should see the message "Journal encrypted"
         And the config for journal "default" should contain "encrypt: true"
         When we run "jrnl -n 1" and enter "swordfish"
         Then we should be prompted for a password
         And the output should contain "2013-06-10 15:40 Life is good"
 
+        Examples: configs
+        | config_file        |
+        | basic_onefile.yaml |
+
+
+    Scenario Outline: Attempt to encrypt a folder or DayOne journal should result in an error
+        Given we use the config "<config_file>"
+        When we run "jrnl --encrypt"
+        Then the error output should contain "can't be encrypted"
+
+        Examples: configs
+        | config_file       |
+        | basic_folder.yaml |
+        | basic_dayone.yaml |