I use Macrium reflect for backing up. In order to set up scheduled backups, it needs to be able to map (see) a vault in it’s unencrypted state in order to work. It appears if I set up my vaults to automatically pick a location OR use a specific drive letter, that the vault appears in Windows Explorer as a virtual drive and therefore cannot be seen" by Macrium. However, if I set it up to use a directory (a folder I create for each separate vault) , Macrium can “see” and therefore map to that folder and back it up. Am I interpreting this correctly and is there anything I give up in terms of functionality by doing it this way?
I’ve had the same issue with CrashPlan backups. As far as I can tell, no functional loss… Seems to work as expected once placed into a folder.
Would one of you be kind enough to explain how one sets Cryptomator up to use a directory (folder created for each separate vault)? I understand how to assign a permanent drive letter but do not understand how to assign a directory. I was about to abandon Cryptomator for the very reason of being unable to back up my data in an unencrypted form when I saw this post!
And I am sure others would appreciate knowing how to do this too.
I had been using AOMEI Backupper (Paid) but have just switched to Marcium because the latter makes it easy to avoid the permissions issues when mounting the back up image and also the ransomware protection.
Thank you!!
Lock your vault.
Go to vault settings.
Select tab „virtual drive“
Change volume type. It’s described there which of the options allow mounting as folder instead of virtual drive.
https://docs.cryptomator.org/en/latest/desktop/volume-type.html
Thanks, but this does not seem enough : as stated in Using Backup tools with unencrypted vaults I succeeded in mounting vault into folder (with Winfsp(local)) but backups tools still do not work.
Here are the steps I used:
Create a new vault
Choose a custom location to store the encrypted files of the vault. I chose C:\Users\Will\filename
Finish the process by assigning password and unlock the vault to confirm it is working.
Then, lock the vault and select “Vault Options”. Choose Mounting and select “Use chosen directory”
When the “Pick a Directory window” opens, you need to create a new empty folder ( I gave mine the same filename as the vault, but add “mount point” to the the file name). When done, that window closes and you’re back to Unlocking it. Do that to confirm its working and has the Welcome file in it.
Once done, I went into Macrium, chose “create a new file/folder backup” and selected that folder (“filename mount point”). Put it on a schedule if you like it to run automatically. Done.
One more way to check it - after you re-lock that vault, go back to the folder “filename mount point” and it should now show it as empty. Remember - to back up, the vault needs to be unlocked first so the unencrypted contents are made visible (If not unlocked, I suspect you’re just backing up an empty folder). This is also important because if you set up the backup to run automatically on a specific time schedule, you’ll always need to remember to unlock it first, and I don’t think Cryptomator can automate the unlocking process.
If you use the directory method you will NOT see a drive appear in Windows Explorer like you would if you created it as a virtual drive.
If I’ve some how done it wrong or there is a better way I’ll defer to the experts like Michael to weigh in.
Thanks Blue_Sky, so I tried Macrium and it works ! Unfortunately Macrium is not one of the sync/backup tools I use by now (I noticed Macrium includes AES encrypting). SyncBack and Acronis are very common but no one seems to use them with CM. I go on investigating.
I concur on Blue_Sky’s methodolgy. CrashPlan works well with this method, but I do acknowledge that CrashPlan is quite expensive, but IMHO is the best at what it does. It also does End-to-End encryption of the unencrypted Cryptomator files. Though admittedly, in recent years, CrashPlan has become more restrictive in what it will back up. But certainly it backs up what is most important. I also use Arq Backup other items. Arq is just the software though, you have to have cloud backup storage (think Dropbox, OneDrive, Google Drive, etc.) It uses that storage space, but in its encrypted file formatted uploads (looks kinda like the encrypted Cryptomator files do).
has this stopped working at the beginning of November 2023? I just noticed that my files aren’t being backed up by CrashPlan any longer. When I go in and select the mounted folder, there are no contents in the folder indicated in CrashPlan interface… Not sure if this is change in CrashPlan or in Cryptomator… but it lists all backups as being “deleted files” in earlier November 2023…
Hi, I am using Blue_Sky’s method for my backup source file in Acronis and I get the error “Failed to back up file or folder xxx. It may be blocked by another application.” as I have described in this separate case Using a CM decrypted folder as backup source for Acronis gives access blocked error
Anyone else gets similar errors with Acronis or any other backup tool?
Any suggestions? Thanks!
Hi @MaxSverdlove Have you ever solved that problem? I’m running into the exact same issue. Cannot backup the unencrypted files using CrashPlan…
@haebby unfortunately, I came to the realization that CrashPlan was backing up the files, but there was no way to navigate to them without searching. It appears this is same issue I’ve had with other services. For some reason you can’t navigate the folder in the backup software, but if you search the folder, it’ll find the file.
I tried multiple solutions. Currently I use iDrive. It was able to see them when mounted as an external drive vs as a folder. BUT, since an update to iDrive about 3 months ago, they now require that external drives authenticate. But Cryptomator doesn’t actually have authentication so that solution stopped working.
My current solution:
I figured out the only way to get it to work. And I’m guessing this will work with any backup service.
However it requires duplicating the files (double the disk space) and syncing them using GoodSync.
So I just created folders in C:/GoodSync for each of my Cryptomator vaults. I have 3 set up to load as virtual drives. I assigned drive letters I M and S. So I created folders I M and S in the C:/GoodSync folder I created. Then sync the total contents of the 3 drives to the respective 3 folders and set iDrive to backup the entire contents of the C:/GoodSync folder.
Note the initial sync of the folder needs to be one-way from the virtual drive to the GoodSync folder. If you don’t, it’ll probably delete your files. Once it copies over everything, you can set it to two way sync. I have mine set to wait 20 seconds after any changes to do the sync and then I have it set to do a full verify sync every hour.
FYI, This also enables search to index your Cryptomator files.
Hope this helps and makes sense.
I have my vault stored out on Sync.com (cloud) in a folder titled “Cryptomator vault” - original huh?). Its pretty seemless with few steps. I tell cryptomator to remember the location, that way all I have to do is paste in my password and its open and decrypted. Then I run my backup program (Macrium Reflect) after that to get my backup. That backup is stored on an encrypted external drive.
Thanks much @MaxSverdlove! It’s unfortunate that Cryptomator isn’t able to cleanly support such scenario, and that a workaround like you came up with is needed. Thanks for sharing I’ve been looking into GoodSync as well - it might actually do what I need without Cryptomator, but I couldn’t find yet a clear and decisive statement from them on whether they’re truly zero-knwoledge.
Thanks @Blue_Sky So it seems that Marcium can support this, CrashPlan not. Might look into it. Thanks for sharing.
The encryption scheme of Cryptomator is zero-knowledge, but stating it is the same as saying “water does not contain alcohol”.
Zero-knowledge means, that the software/service vendor (or any data processing third party) cannot decrypt your encrypted data, only you. It is used in the context where your data is also stored/processed on servers by the same vendor. Cryptomator is a local-only encryption tool, it does not require an internet connection to work and only uses the internet connetion for something like update checks. Particularly, there is no user generated data stored on any server.