Cloud Encryption using Cryptomator

In a previous article, I mentioned storing important backups in the cloud. I’m generally cautious when it comes to storing private information on other people’s infrastructure. Although cloud providers can have pretty good standards in terms of security and privacy, I need a way to encrypt my data to feel secure that no one, other than myself, can view my documents.

That’s where Cryptomator comes into play. It can create a secure vault within your cloud folder that’s fully encrypted. This vault can only be opened using a secret key or password. Not even the creators of Cryptomator can decrypt the vaults that their program creates.

While the vault containing your encrypted data resides somewhere in your cloud folder, Cryptomator provides a virtual hard drive through which you can access your files.

You can work on this drive as if it were a conventional USB flash drive.

This is a quick guide on how to create and unlock a Cryptomator vault:

  1. Download, install, and open Cryptomator.

  2. Create a new vault by clicking the “+” button at the bottom left.

  3. Set the target location inside the local sync folder (provided by your cloud application such as Dropbox or OneDrive).

  4. Assign a password to your vault and confirm it.

  5. Unlock your vault, which opens up a virtual drive, in which you can store your data.

The target location from step 3 only contains encrypted data. To work on your unencrypted data, you’d have to follow step 5 and access the file from the virtual drive. You should only interact with the virtual drive and not the encrypted target location from step 3. Of course, you can look inside the target location (i.e. the vault) to ensure that everything inside is indeed encrypted (by checking if the filenames are encrypted).

Check out Cryptomator at

Jack Wozny
IS Security Operations Engineer

I’m a computer systems engineer! I love working with technology, tinkering with and optimizing new systems.

comments powered by Disqus