Hi, I am advising an organisation on their data storage needs, and Cryptomator looks like the best way of ensuring e2e encryption with either Nextcloud or OneDrive.

The question I have is: would all the clients need to sync the entire shared vault? Or is it capable of working with only a partially downloaded vault, since the encryption is on each individual file?

The entire vault for the org is likely to be around 1TB and currently most of the client PCs don’t have that much storage.

As you cannot identify specific (unencrypted) files within the encrypted bunch of vault files (d folder), you have to sync the complete vault. The single file encryption is true and means that there’s no need to down-/upload the complete vault on every update. But you have to have all vault files on the local machine to find a specific unencrypted file in your opened vault. (Hope I described it understandably.)
There are other solutions that provide direct access to your vault with no need to sync it locally (like Cyberduck or Mountain Duck), but from my point of view these are not appropriate business solutions.

Furthermore, Cryptomator is designed for typical private usage and not for handling terabytes of data in an enterprise environment (although it would work).

If you are looking for an enterprise solution, please have a look at Cryptomator server.