I began playing with Cryptomator last week. After pouring through the FAQs and docs, I still have a couple questions—some specific to my use case (if anyone is willing to help).
My big concern: I’ve read files in Cryptomator vaults are not intended for frequent editing due to heavy I/O. Contrarily, I’ve read that doing so is no more risky than using iCloud, NAS, or any other mounted storage—all risk data corruption with day-to-day use. I constantly jump between Windows, Mac, and iOS, and my hope was to use Cryptomator to work more securely and without added risk. Can I rest easy with my data, so long as I back up?
Specifically, here is my planned workflow (I’m including a flowchart to illustrate):
Encrypted files are stored in Google Drive, accessed locally on Windows via Google Drive Stream (where important files are locally downloaded).
Daily, for redundancy and peace of mind, I want to mirror/sync the unencrypted contents of important vaults onto my HDD (and periodically, then to an external HD).
Also daily, I want to incrementally backup certain directories straight from Google Drive to Backblaze B2.
Ideally I need a solution that will allow me to sync/mirror 1:1 in both cases: a) encrypted files from Drive to B2, and b) the vital unencrypted contents from Drive Stream to local directory (and then again to external).
What program(s) do you recommend to do this? I am aware of and have fiddled with possible solutions (rclone, Kopia, Cyberduck, Duplicacy…), but I’m overwhelmed. For instance, I’ve read rclone won’t maintain folder hierarchies and doesn’t handle large Cryptomator files/directories well, and Kopia won’t backup from Drive… the list goes on. I can’t figure out which will work reliably. Do you have suggestions and/or instructions? What has worked dependably for you?
Thank you, and I’m so excited to join this community of like-minded privacy enthusiasts!
Hi and welcome.
For your scenario 2 I am using Personal Backup (only Windows) for years now and I am totally happy with this backup solution (don’t forget to donate if you will be happy with it as well). But there’s one thing this tool cannot do, and this is directly connecting to backblaze or Google drive (only local and network or FTP).
And even if it could, that would mean to download your vault from gdrive and upload it to backblaze (in your Szenario incremental). Nevertheless I cannot see the benefit of doing this when you have all your encrypted gdrive files already local available (as stream). So why not do the incremental backup of the encrypted files from your local gdrive to backblaze?
And I like to point out that the vault structure (means the structure of encrypted files) is crucial for decryption your files. If you mess it up when restoring from an incremental backup, you will most likely loose files.
I recommend to have a mirror of your encrypted vault on backblaze instead of an incremental backup. You should use your unencrypted Lokal/externalHDD backups to keep file versions. (Just my 2 cents).
Also, please not that it is not possible to just „select some folders for backup“ in an encrypted state, as you do not know which encrypted files and folders belong to which unencrypted file. Please always backup your complete vault if you want to make a backup of your encrypted data.
Hopefully I didnt get anything wrong in your description.
Personal Backup looks like a solid choice for #2. Thank you for linking the other thread as well. So, with it I can select several mounted vaults for backup, and schedule to mirror the unencrypted contents to my local directory? Will it reflect deletions/changes to structure in the destination? If so, that might be the solution for me.
You make very good points. I wasn’t clear: I meant to say I will select entire vaults for backup to B2 (not folders). I organized the vaults with this in mind. But I didn’t think to backup the local downloads in Stream directly to B2… that’s a great idea! I’ll look into it. First I need to find the right program.
And you are saying I should make mirrored snapshots to B2 instead of incremental backups. Definitely makes sense. Sadly I still need to find the right program for the task. If anyone has advice, I sincerely welcome it!
Yes, you can backup multiple sources to one target in one backup job. For multiple backup targets just configure multiple backup jobs
Yes, you can configure to keep deleted files in the target and add custom prefix/suffix to the file name instead of actually deleting it from your backup. Same for folders. You can also configure backup types like incremental, fully or only changed files (and keep histories and configure how changes are detected). It’s very self explaining, but there’s also a good documentation.
I am not using backblaze, but doesn’t it have its own backup client? If yes, I think it’s worth trying to just configure your local gdrive vault path in the backblaze client for backup. Yes, then gdrive and backblaze are using the same local vault folder, but that should not matter.
All excellent, I’m definitely going to try it out. Thank you for the help!
Backblaze Personal does, but it doesn’t work with any network or virtual storage even if the files are locally downloaded, including gdrive’s Stream. I’d be backing up my local unencrypted files. Backblaze’s B2 is their version of Amazon S3, and you have to use some other program to manage the backups.
You may want to compare with SyncBack which is a windows only solution but does offer just about everything you’re looking for if I’m not mistaken. I’ve used their free version for personal use to maintain unencrypted backups to my local NAS for years. I haven’t yet had the need to automate things so the free version suffices but I have considered their reasonably priced SE or PRO versions which offer a lot of what you’re looking for. If you sign up for their newsletter they typically send a coupon around world backup day (March 31st). Good luck! https://www.2brightsparks.com/syncback/syncback-hub.html