I do a weekly system image backup and also an additional backup of my Local vault (runs when its decrypted). Is there any need for the vault backup, or is this redundant with the system image backup and if so, where do I look to confirm it’s there? I am aware that the vault needs to be “unlocked and revealed” when either backup runs. When I open the system image backup, I do see a folder titled “Local Vault” under: PC > Windows > User > [Name] > Local Vault, and it contains all the expected Cryptomator files (vault, masterkey, backup, folder with all the encrypted content), but I think I was expecting to see all the decrypted folders and files.
encrypted cryptomator vault files are just files like any other.
So if your system image backup includes your whole hard drive, then yes, your vault is included.
(as you already mentioned)
no, because they are encrypted. What you see when you unlock a vault is a virtual drive and an unencrypted state of your encrypted files. But physically the files are still encrypted on your hard drive.
Nevertheless I recommend to have at least one backup that does not include cryptomator. Just in case something really bad happens to your vault.
OK, but there’s an interesting difference between the two backups…my hard drive image backup shows the vault contents in the encrypted state (as shown in the screenshot above). BUT my vault backup shows all my folders and files in an unencrypted state. They both backup using the same program, so why would the image backup show encrypted stuff and the vault backup shows everything unencrypted?
I can only assume as I do not know your exact backup setup.
But to me it looks like that your vault backup has the virtual drive as source and somewhere else as target. And then the unencrypted files from within the vault are backed up.
The system backup has your C partition as source (and thus your encrypted vault files) and so the encrypted files are backed up.
Yes, the vault backup points directly (and only) to my decrypted vault as the source and an external drive as the target.
The system image backup includes all 5 partitions as shown below:
So this explains the difference between the two backups? And back to my original question, is it unnecessary to do the vault backup or does that serve the purpose (suggestion you made) about having a non-Cryptomator backup (technically it IS backing up FROM Cryptomator but in a decrypted form)?
No, its not. Think about the following scenario:
For whatever reason one or more files in your vault was destroyed/corrupted by a malfunction of cryptomator, without you noticing it. Then none of your backups brings back your file. The system backups contain the encrypted state of your destroyed//corrupted file, the unencrypted backup is also a corrupted file, because it was taken out of a cryptomator vault. And as you didnt notice, maybe your historical files are also not usable anymore.
This is why I recommend to do at least 1 backup of a file, that does not need to have an other program (cryptomator or any other encryption software) to be accessed.
Please keep in mind: this is a very personal opinion and I might be a little paranoid when it comes to data security (but I never lost a file in decades).