I’d like to combine Cryptomator, Acronis, and FreeFileSync in my backup workflow, and I want to make sure I’m doing it correctly.
Here’s what I’m doing right now:
I work on my main files stored on an SSD (D:\Documents).
I created a Cryptomator vault stored on my internal HDD (M:\Cryptomator).
When the vault is unlocked, it shows up as a network drive (F:\).
I use FreeFileSync (via Task Scheduler) to automatically mirror my SSD → HDD.
My questions:
In Acronis, should I back up the vault folder (the one I gave when creating the Cryptomator vault, so M:\Cryptomator) or the unlocked virtual drive that appears when I open the vault (i.e. F:\)? I assume it’s F:\, because the WELCOME.rtf file explicitly says “Any files added to this volume will be encrypted by Cryptomator.“, but I want to be absolutely sure.
For my FreeFileSync job, should I sync my SSD directly to the vault folder (M:\Cryptomator) or to the unlocked network drive (F:\)?
if you want your Acronis Backup to backup the encrypted vault files, then you have to select M:/Cryptomator. If you prefer to have an unencrypted backup of your files, then you should select your D drive to be backed up.
Never ever configure anything to write into your M:Cryptomator folder. You’ll mess up your vault structure and damage your vault and may loose files. And the files would not be encrypted also. Only Cryptomator shall write anything into this folder. This is the folder where Cryptomator will create the encrypted vault files an soon as you save them to F: . So the answer to your question here is „F:“
I’ve done a test backup and checked on another device, and it worked perfectly.
I believe this is how it works, but please correct me if I’m wrong:
The actual files are stored in M:\Cryptomator, but they are encrypted. To view them, I must decrypt them, by opening them via Cryptomator. Doing so will create F:\, where the files will be visible.
To add new files, I must place them in F:\ so that Cryptomator can then encrypt them as well.
To back up my files, I must back up M:/Cryptomator, so that I can use Cryptomator again on (for example) another device later to decrypt them again.
Another question I had was on Windows 11, what would be the best way to secure access to ensure that only Cryptomator has access to M:\Cryptomator? I don’t want to risk an accident where I or a tool writes into M:\Cryptomator, potentially corrupting the folder as you said.
I am not aware that there’s a way to how allow access to files on a windows machine only for one specific app. And as you are the user who starts cryptomator, it is basically your account that does the changes to your encrypted vault files as soon as you are using cryptomator. From my point of view the only way to avoid data loss is to make sure only you have access to your PC (so nobody can delete it on purpose), and most of all have a solid backup strategy (not only for cryptomator files but for any files you don’t want to loose)
Your solution will also work for me, as Acronis doesn’t work with the decrypted F: drive. By now I am always backuping M: drive, with what I am not happy. I will implement your way and do the backup in the future from D: drive! On top this will give me the chance to create hard and soft links again on D: drive, which also do not work with the F: drive. Perfect!