I’ve never tried this, but:
You could probably serve the files hugo generates via apache from an encrypted volume, using http://ecryptfs.org/.
Then, protect the folder being served via
.htpasswd so that you’re prompted for the credentials when you access.
Of course, viewing the content should be done over
https so the stream of data from webserver to your client is encrypted, and you can fake an ssl cert for localhost.
As for protecting the markdown files, again, you could probably use ecryptfs or something like a
truecrypt volume, which you mount with a passphrase, then make a static link to (i.e.
content for instance). That way you just edit as usual, but connected to a mounted encrypted volume.
But this is all basically outside hugo anyway, and just my wild guess. Too many moving parts if you ask me.