Using Cryptomator with Obsidian + Syncthing (files still visible after lock)

Hi everyone,

I’m trying to set up a workflow where I use Obsidian for my notes, sync them via Syncthing, and secure them with Cryptomator.

Here’s my setup and the issues I’m running into:

  • On my main machine, I created a Cryptomator vault and synced it with Syncthing so I can access the same vault on my phone.

  • On mobile, I pointed Cryptomator to the decrypted files, which basically means Syncthing is syncing decrypted data instead of the encrypted vault.

  • The only option I see in the Cryptomator Android app is “Share folder” → select Obsidian, but that requires importing files. Whenever I create a new note on my main machine, it doesn’t automatically appear in Obsidian on mobile unless I manually import it.

  • The bigger problem: even when I lock the vault, the files are still visible on my phone. I understand that Cryptomator on mobile can’t mount a virtual drive like on desktop, but that defeats the purpose of locking for me.

My questions:

  1. What’s the correct way to integrate Obsidian with Cryptomator + Syncthing so that new notes sync automatically into Obsidian, without manual imports?

  2. Is there a way to make sure files disappear/become inaccessible on mobile once the vault is locked (for security)?

  3. If Cryptomator can’t provide that directly, is there a recommended workaround to keep Obsidian usable while ensuring my notes are properly secured when locked?

Basically, I need a solution where:

  • Obsidian can open the vault content for live editing/clarity.

  • Syncthing keeps everything synced between devices.

  • Locking the vault truly hides the files again on mobile.

Thanks a lot for any guidance!

Hi,

You have a very sophisticated configuration that I imagine might be difficult to keep synchronized and encrypted and everything working 100%.

The Obsidian software can encrypt the data that it stores wherever you keep it. You are trying to double encrypt it.

Look at a community plugin called Remotely Save. Remotely Save supports end-to-end encryption and synchronization built into one plugin that’s part of the Obsidian software.

You can give it a very strong password and high encryption and have the software do the encryption and synchronization without involving other software. This is what I do and what I recommend that others who use obsidian do as well.

I am familiar with all of the software and use all of the software that you are interested in combining; however, I think that you will find it to be least complicated and more reliable if you simply rely on the Obsidian encryption to keep the Obsidian data encrypted wherever you store that information. For example, I keep my Obsidian database on my pCloud drive, but on the drive the data is encrypted so pCloud can’t read anything.

Obsidian on my mobile device synchronizes directly with pCloud and my Windows software does the same.

You can achieve encrypted data that is secure without doing all of what you’re doing.

For synchronization and encryption I use a free Obsidian plugin called Remotely Save.

Another option: if you use the Obsidian Sync service, which I think costs about $4 a month, everything is encrypted on their server and everything is synchronized, and it’s far less complicated than what you’re trying to do and make work in a distributed environment. This is the best option for beginners who don’t want to learn how to synchronize the data themselves, but that’s just an option that’s available.

I understand that the purpose of using Syncthing is so that you don’t need to store anything in the cloud, but what you’re trying to do is likely to be unstable. When you encrypt data and have vaults that are open and closed and synchronizing separately with a different program, the risk of failure goes up and you lose all your data; it’s all on your own equipment but it won’t be readable anymore.

The Remotely Save plugin will let you achieve your desired results without involving three different software programs that you need to keep organized.

Hello, I’m the OP; I just logged in using a different username.

I took a look at Remotely Save and it looks promising. However, when searching for the plugin I noticed that there are two plugins: the first one is Remotely Save and the other is Remotely Sync. I checked both, and while looking at Remotely Sync I noticed that the developer created it to address security issues when it comes to encryption.
I’m quoting:

“Security Updates from Remotely Save

  • Updated encryption to use AES-GCM which is more secure and authenticates the ciphertext when decrypting, making it harder to exploit padding oracle attacks.

  • Updated salt from 8 → 16 bytes. See note

  • Updated IV to not be derived from the user’s password (discussion)

  • No security guarantees, but these are the issues I identified when reviewing the end-to-end encryption as implemented in remotely-save.”

It’s a little bit concerning. Anyway, I checked the GitHub repo for Remotely Save and then checked the Issues; many users complain about syncing their notes. An example of the issues that caught my attention is this one: [Bug]: Google Drive Pro syncing creates copies of same files rather applying edits to the file #1065
Also: when trying to sync files which have a question mark in the title, they fail to sync with the following error:

/Personal/What To Do?/Today.md Request failed, status 400

I can’t post here all the issues I saw, but please be my guest and check GitHub · Where software is built

What I didn’t like is the number of issues, and 90% are bugs; there is nothing more dangerous than a bug that would wipe your notes or make them corrupted.

I don’t think that Remotely Save is for me, unfortunately, as I’m obsessed with security and privacy and also with the stability of the solution.

Syncthing works fine; I just wanted a solution to encrypt my stuff, as it is plain text in the original storage. I understand that Obsidian is not meant for sensitive data and I should rely on encryption vaults like VeraCrypt, but I still don’t want anyone to access my notes, especially if you lose your phone and leave it somewhere. A book author doesn’t type confidential information, but he could type a new book in Obsidian, and if he happens to lose his phone, for example, all his work is gone or, worse, stolen. It’s about protecting your notes, nothing else, and Cryptomator doesn’t help when it comes to Android integration. I wish there was a solution to mount a virtual drive in Android; that way it would work just as on a computer.

If you have any other idea you can come up with, please don’t hesitate to share.

Thank you in advance.

Great investigation. I learned a few things from your research.

I’m happy with remotely save and will continue using it. It has been reliable for me and it does encrypt my data on the server so it meets my needs.

I saw the remotely sync add-on and chose not to go with that one.

My concern about your configuration is Syncthing trying to synchronize files that are sometimes in an open vault and other times in a closed vault. I would synchronize only when everything is closed.

I used to use Syncthing on my phone and stopped when the main organization stopped updating the Android client. I decided not to go with the forked version.

Now I use either FolderSync, which is in the Google Play Store, or Round Sync, which is on GitHub.

Hello LeoW,

I hope you are doing great. I was looking for a reply where RSAF was mentioned; I’m not sure if you suggested it or if it was someone else. Anyway, that reply was deleted for an unknown reason. However, I tried RSAF and unfortunately it didn’t work: the drive was indeed created, but when I try to select the folder using Obsidian, it says to choose another folder that is not in a root folder, like in storage. I also tried Round Sync, since RSAF is outdated and RS was a maintained fork, with the same result. I thought about making a Samba mount, but since this had already taken me a lot of time, I didn’t have more time to waste. I realized that you can’t set up a mounted virtual drive on a non-rooted Android device due to Android security. I then looked at the available community plugins: I checked age encrypt, Meld Encrypt to encrypt partial data, etc. But again, when you check the repo issues, you see people losing their data just by accident or by unintentional manipulation while trying to decrypt or encrypt it, and the disclaimers also make it explicitly clear that you use them at your own risk. So I came up with an idea which is very simple: I created an HTML page that has JS code, and the code encrypts and decrypts your data. You enter what you want to encrypt, like a password or the desired sensitive data, then you add a passphrase and you get an encrypted hash. If I want to decrypt it, I do the same in reverse. I put the HTML file on my phone’s home screen; once I need to decrypt the data, I copy and paste, then boom, my data is decrypted.
I recreated the Syncthing folders since I have versioning of previous data that has older data in plain text; you can delete the .stfolder and re-create it.

If you want, I can share the GitLab HTML code link, or if anyone needs it, just ask. My code uses AES-256-GCM + PBKDF2 (100K iterations).

Thank you guys