What tool do you use to automatically unlock your cryptomator vault and sync the files in your vault with the local copies of those files?


#1

I’m looking for a tool that will automatically, on a schedule, unlock my Cryptomator vault for me and update the contents of the vault. I want to back up copies of my local files to the vault and have the vault act as a backup solution, similar to Dropbox. Finding something that is open-source isn’t an absolute must, but it would definitely be a huge plus. I’m not against using something paid.

Any suggestions?

And as a side question - if my Cryptomator vault is stored in the cloud somewhere, when the vault is unlocked that doesn’t mean the cloud provider in question can suddenly see the contents of my vault, right?

Thanks!


Encryption for automatic backup?
#2

I use PersonalBackup to do this job.
http://personal-backup.rathlev-home.de/

You can configure it to start cryptomator before syncing and wait a view seconds. Then it starts syncing into the open vault.
You can also configure to start an app after sync is done.
I use it to start my OneDrive client, which then syncs the encrypted files to online storage.
And in addition, you can set up an scheduled task for the complete backup job.

So in my case every two days the following happens automatically

  1. Start cryptomator and open the vault
  2. sync local files into vault and encrypt them
  3. sync the encrypted files to online storage.

Mit Google drive
Syncing vault with unencrypted folders
#3

This looks absolutely perfect. It doesn’t seem to be open source though. Do you think the software would still work if I set up a custom firewall rule blocking outbound connections? (This isn’t to say I don’t trust the developer per se, but I usually do this just to be safe if a piece of software is closed-source and it doesn’t seem like it needs to be able to connect to the internet).


#4

Well, I don’t know but I assume it will work also with blocked outgoing traffic. I use it since years and have not experienced any unwanted behavior like spam.
If you block outgoing traffic, the update check will not work (but you can disable it anyway)


#5

This is good to know, thank you. I think having to manually instigate updates is worth the peace of mind. Do you know if this software can automatically unlock other types of encrypted vaults, such as Veracrypt containers? Or is it optimized to work with Cryptomator, as Cryptomator seems to be less “complex” compared to things like Veracrypt.


#6

Unfortunately I don’t have any experience with veracrypt. But personal backup is not especially designed for cryptomator. It just offers to run a file (eg batch or exe) before and after a backup (sync) job.
As cryptomator offers the ability to open one or more vault automatically on start, you just have to configure cryptomator to do this and then configure personal backup to run cryptomator.exe before backup.

If veracrypt offers this function as well (to open a vault on startup) you can Of course set up the same process with veracrypt.


#7

I see. Thank you for your help! I’ll try and set up my first backups (testing with both Cryptomator and Veracrypt) this weekend, hopefully I won’t run into any trouble during setup.


#8

Hi there. These past few days during the holidays, I downloaded Personal Backup and have been playing around with it. I have encountered some difficulties though when it comes to configuring it to work with Cryptomator and I was wondering if you could give me some guidance.

I created a new Cryptomator vault and in advanced settings checked off “save password”, “auto-unlock on start”, and “mount drive” (and designated a drive name and letter to always mount on). I still find that in order to unlock the vault though, I have to double click on the Cryptomator icon in my desktop. I know there are ways to configure applications to run on startup (I’m a Windows 10 user), but I’m not sure how to configure Cryptomator to run on startup and have the password be activated (even if the startup issue is relatively easy to fix and I have Cryptomator set to remember my password, I still need to click “unlock”).

The chain of events that I’d like to have happen is:

  1. Cryptomator automatically opens on startup/logon, the password is activated without me having to click “unlock”
  2. Personal backup performs its backup functions on the now unlocked vault
  3. Cryptomator closes itself, again automatically

I’m having issues with Veracrypt as well in regard to getting Veracrypt to not prompt me for my password, but fixing that will likely require me seeking support from a Veracrypt-focused forum. There’s still a chance that I might cave and go with a service like Carbonite that’s easier to configure (especially if this process of auto-mounting and decrypting vaults, performing a backup, and then having them automatically close slows my computer down considerably more than using something like Carbonite), but I would like to see if a more custom solution is possible. I like the fine-grained control Cryptomator and especially Veracrypt gives me.

Also, do you know if it’s possible to move your Cryptomator vault to a new location without getting the error message “Vault couldn’t be found. Has it been moved?”.

If you have the time to give me some guidance, I’d be very grateful. If so, take all the time that you need. And happy new year!


#9

Hi

If you want to automatically open and mount your vault, you’ll have to check on the first three check boxes in advances settings. the fourth is optional.

There’s no configuration within Cryptomator for that. In your case you can tell Windows to start on startup, or you can tell Personal Backup to start Cryptomator before it runs a backup job.
If you want to use windows, just make a copy of the Cryptomator Icon on your desctop, and move it into you autostart folder
(C:\Users\YourUserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup)

Regarding 1: If you follow the steps above, it will work. But in Your case I recommend to configure Personal Backup to run cryptomator before a backup job (see chapter “external programms”). because if you dont run a backup job, there’s no need to open cryptomator for your scenario. But more important is the risk that cryptomator has not finished to opened the vault when Personal Backup starts it Backup. Than it will fail. So I recommend to configure Personal Backup to start Cryptomator, then wait for at least 15 seconds (so cryptomator can easily perform everything to mount the vault) and then run the backup.
Regarding 2: You’ll have to configure an auto backup within Personal Backup. Please see the middle tab on the right side of the window in Personal Backup.
Regarding 3: Actually, my only idea is to kill the cryptomator task with a batch after the backup job. But I do not recommend this. And I do not see why you want to do that.

Please mark you vault in the list an click “-”. This will delete the vault from you list (not the files, only the list-entry). Then move the complete folder of your vault to the new location (if not already done).
After that press “+” an klick “open a vault” to open you vault at the new location


#10

First off - sorry it’s taken me a while to respond to this (I was dealing with a family matter these last few days).

Anyways, back to the thread. Here’s my process and where I eventually ran into an issue. I do feel like I got very close to getting it to work though.

  • Created a Cryptomator vault (located in OneDrive), selected the first three boxes in advanced settings (when I said checked off I meant selected, like “check off my list” - should have made that more clear).
  • Created the task in Personal Backup. The backup destination is the vault, the directory to be backed up is Photos. For starters, I designated the backup schedule to be at first logon every Sunday.
  • For this newly created task, under “other options” I checked the “execute before backup” box and selected Cryptomator. Then I saved. The additional options in the External Programs section (such as the “wait until program terminates” box being checked) were left in their default state.

This is where I started to run into issues. I hit “start backup” to see if everything would work smoothly. The task window for the backup popped up, as did the window for Cryptomator. In the Cryptomator window, the designated vault had the unlocked symbol next to it. So far so good. I didn’t click on anything else because I wanted to see if everything would be done automatically. I waited 15 minutes to see what would happen and when the task window for Personal Backup was still showing me 0% progress, I decided to go ahead and click on my Cryptomator vault displayed in the list of options in the Cryptomator window. The little side loading screen came up and the red loading bar did it’s thing, and the end result looked just like this picture.

Nevertheless, this didn’t seem to do anything. Despite the fact that the vault shows up decrypted when I click on “reveal drive” and I can view the (empty) contents of the vault, the Personal Backup task seemed to be making no progress whatsoever and was still at 0% a good 30 minutes later. At this point I tried locking the Cryptomator vault to see what would happen and got the message “do you want to force locking? This may be because other programs are still accessing files in the vault or because some other problem occurred.” Finally, I decided to do a forced log-off, as Personal Backup was behaving strangely as well (clicking “cancel” didn’t do anything, couldn’t exit Personal Backup, etc. - basically everything seemed to be halted).

I’m not sure what to do now. Any advice?

Two other questions popped into my head during this process as well - the first of them being whether or not checking the box “encrypt files” when first configuring a backup task is superfluous if the directories are going to be backed up to Cryptomator vault anyways, the second being which option would be best to select for “Action after backup” - “none”, “shutdown”, “logoff”, “standby”, or “hibernate”? I don’t want Cryptomator and Personal Backup to both be left up and running after a backup has been successfully completed; ideally I’d like both programs to automatically be closed for me as soon as the backup finishes.

Thank you so much for all of your help so far!


Metadata - minimizing , cleanup
#11

Well, this isnt a cryptomator thing at all but a personal backup thing.
So basically this is the wrong forum. But OK.

No. As I wrote, please configure to wait not longer than 15 seconds (at least 15, my recommendation). Default is “wait till end of external program” (or similar, I use a german client). As cryptomator does not end, because it has to be up and running during the backup job, you’ll have to tell Personal Backup (PB) how long it has to wait after starting the external program, before the actual backup-process it starting.
And this is exactly what you experience right now. You start the backup and tell PB to run Cryptomator and wait until an event that is not happening (cryptomator is ending). You see, this can not work at all.

Here’s a screen of my configuration, maybe this will help to configure PB
Unbenannt

This will encrypt the files content (not names) before writing them into the vault where they will be encrypted again. so yes, this option is superfluous if you backup into a cryptomator vault.

Whatever you want your system to do. I leave it on “none” because usually I work on the PC when backup is finished. So I dont wan’t to shutdown or logoff from my PC.

PB will close automatically 5 seconds after successful backup. But only if the task is automatically startet or if you only start the backup job by clicking the *.buj File. If you start PB Programm Interface and then load your backup job and klick “start” then of course PB Programm interface will stay open until you close it.
Furthermore see my comments in my last post regarding the automatic ending of cryptomator (your point “3”).

If you want to work with Personal Backup and get the most functionality out of it, it is my urgent recommendation to read the manual carefully.


#12

Well, this isnt a cryptomator thing at all but a personal backup thing.
So basically this is the wrong forum. But OK.

I apologize if this has gotten off topic. :slightly_frowning_face: It’s just that there doesn’t seem to be a help forum dedicated to Personal Backup, and when I find someone knowledgeable I try to make the most of it. Thank you for all of your help though, I really appreciate it.

I instigated the backup again after tweaking the settings (using your configuration as a template), and everything seemed to work perfectly - both Cryptomator and OneDrive started automatically, I kept an eye on my progress in the task window which showed me how many files were being located and compressed as well as the progress of the backup as a percentage. The backup was successfully completed, 100%, and in Personal Backup, I see the details from the latest backup listed (x files totaling x GB, Last backed up: 1/6/2018).

When I actually look inside my Cryptomator vault though (by clicking on “reveal drive” in Cryptomator), it says “this folder is empty” - nothing is visible. I double checked the file paths and everything looks correct. The really odd thing though is that when I go into my OneDrive folder and right click on the vault folder, selecting “properties”, the number of files and the total size of the vault displayed matches what Personal Backup says. Very odd. Do you have any idea why this is happening?

Actually, my only idea is to kill the cryptomator task with a batch after the backup job. But I do not recommend this. And I do not see why you want to do that.

I’d want to do this so that Cryptomator isn’t left running after the backup job has been completed. But closing Cryptomator manually is only a tiny inconvenience. Why do you not recommend this though? Just curious.


#13

Seems to me that you backup in your cloud folder directly and unencrypted, and not in your vault.
Why?
Because:

Means: theres nothing in your vault.
And

This is an indication that you backup into the cloud and not into the vault.
The numer of Files unencrypted (this is what PB is reporting) and the number of files encrypted (this is what OneDrive should be showing) are not matching.
Im my case: Files to Backup: 14762, amount of encrypted files: 33845.
For details please read Security Architecture

So: If you open your OneDrive, and you see the files you wanted to backup, and you can identify them by filename or folder structure, they are not encrypted.

Although you already did I ask you to check the filepathes again.
Here a Screenshot how it should look like.
Yellow frame: the path where you want to store your vault locally. This is in your local OneDrive Sync Folder. This is the path where the encrypted files are stored locally when cryptomator finished to encrypt them.
Red frame: the drive name you gave the webDAV network volume. This is the path you copy all files to which you want to encrypt by cryptomator. This is your vaults entry. And here you want to copy your unencrypted files for backup to, and therefore this ist the target path in PB

As I do not know for sure, that there are not operations running when shutting down an application by function, I never feel comfortable when killing an app process. Its just a personal thing.


#14

It turns out that’s exactly what happened - all of my photos were backed up to a different folder in OneDrive instead of the Cryptomator vault. I think they appeared in some random, newly created folder. I was so freaked out when I saw this, I deleted the entire Cryptomator vault - which was a rash decision looking back… I wish I had taken the time to take screenshots of where the pictures ended up and the file path, but I didn’t.

I decided to run a test this time, using a very small number of files (I’ll try to be as detailed as possible).

I created a folder on my desktop called “Personal backup test folder” and placed two documents inside (“test document 1” and “test document 2”, respectively). Then I created another Cryptomator vault called “Personal backup test vault”, and set the drive letter to always be T: (for test).

So I have

  • “Personal backup test folder” (folder located on desktop with two test files inside)
  • “Personal backup test vault” located in OneDrive

When going through the initial task creation wizard, I believe I set the destination directory to be C:\Users\myname\OneDrive\Personal backup test vault, which I see now is incorrect. Once the task was created though, I changed the destination to simply be T:, mirroring your configuration. Tweaking this one setting (changing the destination from C:\Users\myname\OneDrive\whatever vault I’m using, to the drive letter the designated Cryptomator vault is set to always mount with) seemed to do the trick. When I unlocked the test vault and clicked on “reveal drive”, my files were there (and not sitting inside OneDrive unencrypted, which is the most important thing), although the file path is pretty long and ugly. Even though I backed up one folder with two files inside, right clicking on the “Personal backup test vault” folder in OneDrive and selecting properties shows me 20 files and 33 folders.

When I unlock the test vault and click on “reveal drive”, the inside of the vault looks like this (with everything being folders). There are two main folders (DrvC and Users) and then a bunch of sub-folders in each.

DrvC > Users > myname > Desktop > Personal backup test folder > test document 1, test document 2 (with “test document 1” and “test document 2” being compressed folders containing the actual document in each corresponding folder)

Users > myname > OneDrive > Personal backup test vault > DrvC > Users > myname > Desktop > Personal backup test folder > test document 1, test document 2 (same format as above)

If I head over to the OneDrive folder and look inside that when when the vault is locked, opening the “Personal backup test vault” folder shows me masterkey.cryptomator, masterkey.cryptomator.bkup, a folder named “m” which is empty, and a folder named “d” that contains a whole bunch of other folders inside named things like “M3”, “WR”, “D8”, “H7”, etc. (with more folders inside each that are labeled with a string of random characters)

If this doesn’t look abnormal, then it seems like everything worked. I do have one final question though - is it possible to configure Personal Backup so that if I delete a file from one of the directories to be backed up (whether it be a document or photo), that file won’t be deleted from the backup destination? I want to have the option of freeing up space locally without having to worry about those deleted files also being deleted from my backup. I wonder if there’s a way to toggle this on and off. If you don’t know the answer, I’ll go and scour the user manual.

Thank you so much for your help.


#15

then you oviously have enabled the Data Compression in your PB tasks. Please note: this will slow down the complete process significant because PB has to compress all the files you want to backup. And to compare files in further backup processes, it has to unpack the files again. My experience is that the benefit of less volume needed (and this less is not really much because you cannot compress for example photos very effective) costs way to much time. (of course only my opinion)

This looks very good, because this is the “view” of your encrypted files. This bunch of cryptic folders and files is what you want to store online.
If you want to go deeper into how cryptomator does secure your files and why there are so many files (despite you only have in fact 2 Files created) this will give you all the information: Why so many files

As long as you do not enable the sync function in advanced job settings (default disabled as far as i know), PB will not delete files in the backup destination.
In default settings PB is a backup tool. It creates backups, and does not only mirror your files as a sync software would do. Therefore it will never delete a file in you Backup only because you have deleted it in your sources. Then a backup would not make sense anymore :wink:
If you delete a file in the source, it will be keept in the backup.
But: there’s s sync option you can enable to get the benefits ob both, syncs AND backups.
If you want to enable the sync, you can configure PB to set a prefix and/or suffix and/or a dedicated folder for deleted files, and keep them in the backup instead of actually deleting them. This might be useful if you want to backup a exact “as it is” condition of your files, but also want to keep deleted files in the backup. Lets say: a combination of a sync tool and a backup tool :slight_smile:

Furthermore you can configure PB to keep a security backup of files when you have changed them. Please have a look at the task setting tab Other options
Here you can define how many “old versions” should be kept when a file was changed, and how long they should be keept be kept (0 for “always”).
PB will then make a security backup before updating the file, and saves it with a prefix (or whatever you configure how the files should be named).


#16

My experience is that the benefit of less volume needed (and this less is not really much because you cannot compress for example photos very effective) costs way to much time. (of course only my opinion)

I see - thanks for your input on this!

This looks very good, because this is the “view” of your encrypted files. This bunch of cryptic folders and files is what you want to store online.
If you want to go deeper into how cryptomator does secure your files and why there are so many files (despite you only have in fact 2 Files created) this will give you all the information: Why so many files

Excellent! This is great news. Would you say the ugly filepath inside the actual unlocked vault (when I view it after clicking on “reveal drive”) is also normal? And thanks for the link.

It creates backups, and does not only mirror your files as a sync software would do. Therefore it will never delete a file in you Backup only because you have deleted it in your sources. Then a backup would not make sense anymore :wink:

Another great thing to hear! This was a big point of anxiety for me - that deleting the local files would also have the backed up versions deleted. Having the option of actually going into the vault and manually removing the extra files I don’t want (that have also been deleted locally) is less convenient, but I prefer the level of control. Just to make sure I’m totally, 100% clear on this - when files are deleted locally they aren’t deleted from the backup, but when files are changed they obviously get changed in the backup as well? Is there any way to have PB keep track of which files in my backup are stored versions of files that have been deleted locally?

Furthermore you can configure PB to keep a security backup of files when you have changed them. Please have a look at the task setting tab Other options
Here you can define how many “old versions” should be kept when a file was changed, and how long they should be keept be kept (0 for “always”).
PB will then make a security backup before updating the file, and saves it with a prefix (or whatever you configure how the files should be named).

Thank you for the heads up on this as well. I really can’t thank you enough - for your knowledge, patience, kindness, all of it! I would say this is probably the most technologically-advanced thing I’ve ever done (as lame as that sounds…), so being able to pull off something like this is quite exciting for me :slight_smile:


#17

Yes. this “ugly” path is the actual complete path of the file on your system. Instead if Volume “C:”, PB does add an “DrvC” to the path. So you always can see in your backup where the files were originally located in the source (your pc).
You can tweak that in task settings but I recommend to leave it as it is.

yes. (If you feel insecure, just test it :slight_smile:)

You can clean up your complete backup and delete files that do not exist in the source any longer and define age and wildcard criteria which files should be cleaned from the backup. you can also automate this job. Please read the PB online help clean up a backup directory


#18

I see. Thank you for the links and for all the useful advice. As I’ve already said, you’ve been very kind to me. Thank you again, and take care! :smile:


#19

You’re welcome. :smile:
Cheers.