Best practice to future-proof Cryptomator vaults

Hello all,

Just starting to look at encryption options for Cloud Storage. The thought of future-proofing has been brought up before, but I am interested to know if there is a best practice.

Win7 support has just ended, yet 1/3 of all PC’s globally still run Win7. In the case of a Cryptomator Vault, what happens in 5, 10, 20 years from now? If Cryptomator were to die a slow death, be surpassed by other tech or be absorbed by another (for profit or not-for profit) entity, how can we protect ourselves and ensure accessibility to our data?

The onus should not, and does not, fall on Cryptomator for this, but on us the users.

The simplest solution I can think of, is to create and have a backup of a VM running Win7/10 (whichever), complete with Cryptomator installed, configured and working. Theoretically, (providing that this VM is not ALSO encrypted using Cryptomator :sweat_smile:), if needed we could open the VM and have full access to the Cryptomator Vault.

Any other thoughts or input on this are appreciated.


Well, we will only know then.

Cryptomator is not a backup solution. The only way to avoid data loss is always to have a good backup solution. This includes that a Cryptomator vault is not your only backup

That sounds not simple to me. :smile:. The easiest way from my point of view is: do your backups (unencrypted to a secure, local storage like usb drive, NAS, etc)

Hey Michael, nice to meet ya!

Let me clarify. I am not looking to use Cryptomator (CM) as a backup solution. I am looking at Cloud Service solution providers (even home-brew if needed) that incorporate CM in their workflow.

My reasoning for future-proofing is that our world is under terrible stresses at the moment. Australian wildfires, flooding, volcanic eruptions, civil unrest, etc. Having a local (secure, but unencrypted) backup is my current process, but I am looking to mediate potential catastrophic losses. I hope never to be in the above-mentioned circumstances, but the ability to store and retrieve a lifetime (or several generations) of photos, images, recordings, etc (the things that have no intrinsic value but are of priceless sentimental value) is my primary concern.

In 30 years of computers, I have seen my fair share of drives and storage media die, deteriorate or become unreadable. We can’t put 100% confidence that the cloud “memories” will be there forever, but I love the feeling that my memories are protected with eleven 9’s (99.999999999%) of reliability.

I would just hate for the day to come when I need to access the files and see the dreaded “Unable to read your file” message :scream:

Thanks for your input,

Hi Dean.
I totally understand you and one reason for me to store anything in the cloud is indeed a scenario when I’m on vacation and an fire burns down my house (and all the paper and data backups and memories in it).
But: my online files, all encrypted with Cryptomator, are part of my weekly backup routine and is therefore checked every week.
So, lets assume Cryptomator stopped working immediately and there’s no way I can access my Cryptomator vaults. (or even same: let’s assume I forgot my password :smile:).
Then I just delete all the encrypted data I have stored online and offline (it is worthless anyway now), think about if I want to switch to another encryption software/process (or if I just lost my password: create the vaults again), change my backup process and start uploading with my new solution.

My clear opinion: there is no way, no reliable solution that you store important data anywhere, and keep it accessible, without maintenance. You’ll have to check the integrity, accessibility of your backups on a regular basis. Storing something on a usb stick and putting it in a bank safe, is not a good, long term backup strategy to me.


Isn’t the encryption scheme open? I know of at least one iOS app that says it can read it. Plus Cyberduck. Any solution doesn’t need to last forever. Just long enough to transition to something else.

Nothing is forever. And if you’re going to do the work to make sure a windows image will run in the future, you may as well do the work to keep things encrypted.

If you’re really unsure, encrypt the same files with more than one tool. Maybe rclone?

I understand that Cryptomator is an open-source app, but I am not sure about the scheme being “open”. I’ve been trying CyberDuck and MountainDuck, but both of these have Cryptomator integrated into their apps.

As a scheme, it’s not like an old password protected Winzip file or Directory password, this appears to be something that is internal and developed by Cryptomator, a sort of encryptor/obfuscator type of setup (to put it in simple layman terms)

Not that any of this is a problem, of course, and the Cryptomator Vault system seems to work quite well. But with something as valuable as personal or company data, it is a “good thing to know”.

Perhaps @Michael or someone can comment.

The guys from Cyberduck just use a Cryptomator library for high-level access to some cryptographic primitives, but they still implemented the vault directory layout themselves. We skyped with them to speed up development, but all they need is documented here.

Another example would be a decryption program written in C# by @Larry_E. Larry just used the vault format documentation but no source code from Cryptomator (other than for reference). See this thread for details.

Hey @overheadhunter,

Thanks for jumping in on the chat. That is really great news that there are true 3rd party implementations of the Cryptomator library (and the possibility to integrate it for others, a la Cyberduck style. That was the root of my question on future-proofing.

Your explanation clears things up, without us mortal users having to scour documentation to figure things out!