I was thinking of using Obsidian for journalling but I can't really do that as it stores data in plaintext. Moreover, cloud storage providers like Dropbox have openly admitted that they read our files. I would prefer no one reads them except me.
So I had to do something here. Otherwise, using Obsidian would have been out of the question.
Here is the solution I came to after trying many different setups (Cryptomator, Boxcryptor, cryfs, you name it).
First of all, we need to install gocryptfs. We will be using it for encryption.
brew cask install osxfuse brew install gocryptfs
On Linux, you get pre-built binaries from their GitHub releases so it is even more straightforward. Just download and place them in
Create an empty directory in a folder that is synced to the cloud. I use Dropbox. So I created a folder in my Dropbox called
Then initialize it with gocryptfs so it is used as an encrypted folder.
gocryptfs -init obsd
You will be asked for a password that will be used to encrypt your files. Choose it carefully.
You will also get a master key at this stage. Save it in case you forget your password.
Now we create a directory outside Dropbox (or your cloud sync folder) so that it can store decrypted files. I call it
We will now create the script that will help us use our encrypted folder "obsd" with Obsidian.
#!/bin/bash cd /Users/aviaryan/Dropbox # mount the encrypted directory gocryptfs obsd ../mounts/obsd # start Obsidian and wait for it to close open -W -a "Obsidian" # for linux, the above command won't work, you will have to find an alternative # unmount diskutil unmount ../mounts/obsd # for linux, do `fusermount -u ../mounts/obsd`
Save this script as
obsdstart or whatever you want to call it. Save it in a
PATH directory so you can run it from anywhere.
We are done. Next time when you want to use Obsidian, just go to your terminal and run
obsdstart. Then enter the password and voila.
The folder "obsd" will be decrypted and Obsidian will be opened. At this point, you can go to
~/mounts/obsd and place your existing Obsidian Vault contents if you had it. Else you create a new Obsidian Vault in that path.
Now, when you quit Obsidian,
mounts/obsd will disappear and all new changes would have been saved to
Make this a habit and you will see the power of this setup. This workflow adds an extra of 3-4 seconds to my Obsidian usage (opening terminal, running
obsdstart, and entering password). In return, it provides me with good encryption. I can't complain.
Here is a screenshot of how my encrypted
obsd folder looks like.
Since the encrypted folder is in the Dropbox folder, it will be synced to the cloud automatically. And since
mounts folder is outside the Dropbox folder, Dropbox will never get access to my unencrypted data, not even for a nanosecond.
If you want to be sure that you don't lose your encrypted data, you can also save the standalone linux binary of gocryptfs separately. This ensures that you will always have access to
gocryptfs, even if the developer abandons the project and deletes it from the Internet.