Encrypting external drives (replacing Veracrypt)

I have 2 external drives, both encrypted using Veracrypt. When I try and create a backup using Macrium Reflect to either (after being decrypted), Reflect doesn’t see them (and yes, I’m pointing to the DECRYPTED volumes, not the encrypted drives). Bottom line - I want my backups to reside in an encrypted location (drive). Veracrypt shows them, but Reflect can’t see them, so that plan seems to be a nonstarter.

I am familiar with Cryptomater and currently use it for folder and files in the cloud, and know it can also encrypt locally. In fact, I previously used it for local vaults, but then went to Veracrypt given all the talk – Veracrypt is for local, Cryptomator is for cloud.

So if I tried CR again for local, would anyone know if the local vault will also not be seen by Reflect?

I’m aware that any encrypted drive or volume needs to be decrypted PRIOR to a backup running. My hesitation is based on Cryptomator being seen primarily as a cloud encryption tool, not a local one.

Any thoughts? Suggestions? Other options?

Addendum - I just learned Reflect can password protect (AES 256) backups, so maybe relying on Veracrypt or Cryptomator for this is unnecessary and adds more steps?

My opinion is: Apply KISS principle here. If you trust the encryption of Macrium Reflect, use it and ditch addtional solutions. A pro of Veracrypt or Cryptomator is, that the encryption schemes are public, i.e. even when the software does not work anymore, someone is able to write a working app to decrypt the data.


Cryptomators encryption scheme is “cloud-optimized”. Every file encrypted with Cryptomator corresponds to an encrypted file. VeraCrypt, in contrast, just has one huge file, where all data is written to and you cannot differentiate single files.

I abandoned using either Veracrypt or Macrium reflects encryption, and instead am encrypting my entire system drive and external drives with BitLocker. Seemed a lot easier esp. with Bitlocker built into WIN 11 Pro. It automatically decrypts both ext drives if it recognizes the host computer, so my logic is that if they can;t access the computer, they won;t get into the drives either. So that eliminates the need for either Macrium Reflect encryption or Veracrypt. KISS. See any flaws in this setup?

I still have a Cryptomator Vault I sync to a cloud storage spot for items I’d want/need in case of a disaster. The disadvantage I have is I only get 5GB free whereas with Google Drive I have 17 GB of space (but not quite ready to trust Google with my high-value stuff).