Obsidian and similar tools work on a local folder of files. This is fantastic, but also means you need to handle encryption, backup, and syncing yourself. Below, I share my experience for a very specific use case: running Obsidian on an untrusted laptop, which requires data-at-rest encryption of our Personal Knowledge Base (aka PKB, our folder of markdown files), and syncing the PKB to the cloud.
- Run Obsidian on an untrusted laptop (e.g., corporate work laptop) running Windows 10
- If the motherboard fries, for example, the laptop needs to be sent back to the employer with hard drive data intact. This means data-at-rest encryption is required so the employer cannot read our personal KB
- Sync Obsidian data to an untrusted cloud. Data must be encrypted during transit, and must be stored encrypted in the cloud
- Backup so we never lose more than an hour of work in case the laptop burns up, for example
- My KB consists of ~450 files, including ~25 images and non-.md files, at a total of 15MB.
The article explores EncFS/Safe, Cryptomator, rclone, Veracrypt, and Windows EFS as building blocks for the solution.
Comments and discussion welcome. I’d love to hear from you in this thread if you found this article useful!
I have used VeraCrypt for around 5 years, first on Windows, then on Linux, now on macOS, all for home use, and have been happy with it. One of the issues I found important was that if I ever have to hand in my computer for repair and need to give the repair person access to the hard drive, all my data would be exposed.
That is a drawback of the native Windows EFS or macOS FileVault.
Not so with VC.
Good point, that’s yet another reason for most users to encrypt even on their own computer.
PLEASE be EXTRA careful with your wording of “untrusted”.
The words “untrusted laptop”, when referring to a corporate work laptop, are a horrible frame of thinking that is bound to cause problems with information ownership and the employee and employer relationship.
All employees and employers maintain their systems of trust based on the personal and protected information that both the employee and employer may produce.
Yes, an employee may have his own private information, i.e. personal health records or performance reviews, on a company-owned device.
Any small or big corporation is within their rights to define their own personal IT ownership and information policies.
I’d recommend you at least talk with your IT department and have a conversation according to your company’s policies and procedures when deciding what information is owned by you or your employer.
I.e., don’t encrypt your employer’s information by accident and then not realize you are syncing to a location not approved by your employer.
Thanks, but I believe the meaning of “untrusted” is pretty clear in this context, as explained upfront. I’ve added personal for emphasis.