I want to use a sync client to backup my work folders. Working in the virtual Cryptomator drive can create a lot of i/o and I don’t need a permanent sync. I’m fine to do a sync once a day or so.
So usually I would just pause my sync client for the cloud storage and work in the directory. Then when I want to sync I would manually enable sync again.
When I use Cryptomator in between, I can’t work in this folder, because without the tresor open I can’t access the files in it.
I’m wondering if there is a non hacky, reliable workaround for this?
Symlinks was was first idea but seems not the be supported 100% without headache?
The only other idea would be to sync the work folder occasionally to the virtual tresor drive, which I would like to avoid because of the complexity and therefore higher chance or errors (cloud sync -> cryptomator -> sync to cryptomator form local drive WHEN the tresor is open).
How do you do it technically? I think it could be a lot of manual and error possibilities. Like I have to start cryptomator until it’s mounted. Then I have to start the cloud sync client. Then I need to manually sync the folder into the cryptomator virtual drive.
Any scripts for that or ideas how to make it convenient?
On the one hand I don’t like duplicated data on my drive and another sync process, on the other hand it might be more secure, when I think about it. I had sync clients from cloud storages that had an error and deleted local data by accident.
In my particular case it might also be a problem because it’s about 1tb data (duplicating it means 2tb local storage needed), I would have to get another ssd to do that.
I use a backup solution to sync my files into the vault. The sync client that syncs the encrypted vault files into the cloud is doing all the Rest. No manual steps needed.
Sounds not bad, but I have to think if this could be a solution for me. As said, one problem is space that duplicating everything would cause. I’m using a backup solution too, but it’s not working in file level and is creating images. I’m thinking that my backup strategy will get too complicated with all the different and too many tools involved.
I have to think about this. But it would be great when cryptomator would support unencrypted source files in a closed tresor too that are encrypted as soon as the tresor will be opened. Or adding a pause for encryption when the tresor is open. This way you could work without creating so much i/o ans slowing down other things when working in these folders.
as far as I understand cryptomator is not build for local encryption.
wouldn’t it make sense keep mounted drive all the time, even when the tresor is closed? this way you could just open the tresor and all new files would be synced to the encrypted folder, while still being able to work on the files when the tresor is closed.
with the current implementation you don’t have a local encryption replacement and and the same time problems in cloud sync scenarios.isn’t it a lose-lose situation?
Yes, that is correct. It was built to give users the ability to encrypt files to be stored online. For local encryption, tools designed for this purpose should be used. For example Veracrypt. https://docs.cryptomator.org/en/latest/security/security-target/
No. because when the vault is closed, the “door” to the vault is locked. Speaking as the mounted drive as “the door” to your vault, it doesn’t make sense to keep it open when the vault is closed.
The mounted drive is not an actual storage of your system. Its a virtual drive that is linked to your open vault (simple described, not technically).
correct, that’s not what cryptomator was designed for.
I dont understand that. Cloud sync does the same as it does before. It syncs your local files to the vault. But with cryptomator the files are now encrypted. That’s what cryptomator was build for.
Could you elaborate? I thought the whole point was to make a local encrypted vault, that then could get synched to a cloud storage. So couldn’t this be used for local encryption as well?
Also, I’m trying to follow this conversation, but don’t understand the term “tresor”. Is that the same as the unlocked Cryptomator vaul?
Cryptomator is build for single file encryption that was designed to work with as many online storages and as many OS as possible. That’s why Cryptomator does not integrate too much into the OS and creates encrypted files that can easily be synced with every cloud provider sync app. The first point is the reason why I would always recommend a solution that is best integrated in the OS, if you are looking for a local encryption only. Example: some executables have problem when being executed from a virtual drive. On windows there are issues with symlinks. Some software do not allow to store data on/load data from virtual drives. And so on. All these issues can be avoided if you use a solution that (for example) encrypts a complete OS partition. If you just want to encrypt some document/pictures/whatever, then of course Cryptomator might fit for you as well even if you don’t want to sync the files to an online storage. But it’s only purpose is to encrypt single files on your harddrive, that you then can store online (and access via the apps) and do not have to sync complete „partitions“ when you only have modified one file. (Hopefully I could explain that well)
Yes (German „Tresor“ is a vault -no matter if open or closed. Sorry if that was mixed up a bit )
I dont understand that. Cloud sync does the same as it does before. It syncs your local files to the vault. But with cryptomator the files are now encrypted. That’s what cryptomator was build for.
It’s the initially explained problem. I have to duplicate and sync my working folder to Cryptomator, because I can’t pause the sync&encrypting to my target folder. Working with big files or many changes creates a lot of i/o, making it difficult to use in Cryptomator Vaults/tresors.
With usual sync clients you can just pause the sync in these cases.
I wonder why you’re having so much IO ? Are you sure the IO is caused by Cryptomator and not the synch agent? I’m guessing that you’re running some program directly inside of the tresor, and that program is constantly making support/temp files which create a lot of IO. And then your sync agent is constantly working to send those files up. So if you turn off the syncing agent you might find that CM works OK.
My solution to the “offline” problem is to have a separate working directory just for the things I’m working on currently. Then use a script or tool (usually rsync) to synch it back to the “tresor” as needed. If you have a huge data set, you’re usually only working with portions of it. So if your data is partitioned by application or date, you can just work with portions of it in a local directory as needed.
Yes, it’s media working files and automatic temp save files from the program. The program itself is not running in this folder. As said, the cloud sync is paused while I work. But I can’t do it with cryptomator, so like Michaels and you pointed out the only way is to sync to cryptomator and keep the work files outside.
Just want to express that it’s would be wonderful to not need this workaround, especially when you have to backup a lot of stuff, in my example about 1tb - so I need at least 2 tb due to this and it’s an additional layer of complexity were something can fail.
What kind of app are you running that creates so much IO ? With some apps, it’s possible to configure it so that temp and media files go somewhere else other than the main “save” directories.
I can’t help but think that opening a 1 Tb vault causes a lot of IO, at least during initialization. I’m sure Michael could tell if that were true or not. My 15 Gb vault doesn’t create much IO, even when mounted externally.
I suspect that if you partitioned your vault into smaller vaults, just mounting the ones you currently need that your performance would improve. But I’m fairly new to CM.
I’m curious, how long did it take to send 1 Tb of data to the cloud? It took nearly 24 hours for me to send my data to Google Drive, but of course GD isn’t a high-performance solution.
Cryptomator encrypts on a file basis. Other than e.g. Veracrypt, where you create encrypted containers first and then store your files in it, does cryptomator treat each file individually. That means that the vault size it self is irrelevant. And creating a vault does not encrypt anything. Encryption starts when you put a file in your vault.
)
)