I’m in the process of changing my note taking from Standard Notes to Obsidian, and I am trying to figure out how I can sync notes between my laptop and Android device with the notes encrypted. I thought I had the solution by encrypting with Cryptomator and syncing the encrypted vault with Syncthing. But I realized that Cryptomator on Android does not work by mounting a new drive like it does on Linux, so Obisidian could not access the unencrypted files. So now I am not sure where to go from here.
My requirements:
- Notes are synced both ways between laptop and phone
- Notes are encrypted at rest
- No usage of external cloud services
How do you go about syncing?
Does the disk encryption of Android count as encrypted at rest? If not, I think this will be a hard requirement to meet.
That aside, I’m having good luck with Synching. I think there’s a bit of a learning curve setting it up, but you don’t really have to touch it once you’re done.
No, as I’d want it to be protected in the case someone gets a hold of the device in an unlocked state.
I found Syncthing very nice to work with, and successfully synced between my two device, so I would love to keep using it. But as it is now, I would have to sync the unencrypted files on both my devices. Not sure how it will behave if I try to sync the mounted drive on my computer, if the vault is locked.
deleted by creator
My only guess is that you could maybe use Termux to set up a gocryptfs mount that Obsidian could use, but I’m not sure if that would work or not.
gocryptfs
encrypts files physically on the drive, but exposes them unencrypted under a transparent logical mount.Edit: DroidFS uses
gocryptfs
in the backend, maybe that would be easier.Interesting. Would require the use of some of the unsafe features, but at first glance it does look like this could work.
I have been thinking through this exact problem in the past few weeks. Let’s write back with what we come up with! I’m going to explore the DroidFS suggestion.
Isn’t syncthing already encrypted?
The transfer I would assume is encrypted, but it is the files at rest I am interested in making sure is encrypted.