Encrypted backup using Cryptomator, Rclone and Cloud Storage

I am in the process of creating a backup of my files as my old backups are years old and out of sync. And, I only have my backup in a single place.

Anyway, first of all, this will be a bit technical, and unless you know what I am talking about here, don't try this with your files. You may loss your data and I'll obviously not be responsible for that, in any way.

So, this time I decided to create two copies of my files, first copy/backup will be on an external hard drive and another one will be on the cloud storage. In case of any local issues or disaster, I will still have my cloud backup. And if for some reason, I can't access my cloud storage, I'll have the offline backup. Unless there is an apocalypse, this is great for my case.

Dividing Files

The next step was to divide the files in different categories. I ended up with:

  • Personal files - no explanation required | most important
  • Professional files - projects and related files | important
  • Other files that can be downloaded again | good to backup

I moved the files to their respective folders and started creating local backup first.

File Encryption

Before creating backups, I wanted to encrypt the files so no one can access them. Even if someone get access to the files, the files will be of no value. For the local backup, encryption is probably not necessary but does not hurt. For the cloud backup, encryption is a must. 

I searched on DuckDuckGo and found Cryptomator, an open-source software, which is both simple and amazing. 

I created two vaults using it, one for my personal files and another one for professional. A vault is just a folder but all the files inside are encrypted. Even the file names and directory structure are obscured. 

Screenshot of two Cryptomator vaults
My cryptomator vaults

Local Backup

I used FreeFileSync, an open-source (more than) sync software, to create a synchronization between these vaults (plus the third category of files) and my local external hard drive. 

Cloud Backup

Now for the cloud backup, Google Drive, Dropbox and/or similar services are great. But I already have a lot files there and I wanted to centralize things. So, I created two AWS S3 buckets for my two vaults.

The buckets are private, has delete protection, and has redundancy itself and is on an EU region. AWS S3 also supports encryption on their side by since my data is already encrypted, I did not need that. I could have encrypted the encrypted files but my brain is still somewhat functional.

You can choose any cloud storage though. I chose S3 because I am familiar with it. 

Unfortunately, FreeFileSync does not support syncing to cloud storage services directly so I found rclone, another open-source tool for managing files on cloud.

I created a new IAM user on AWS for rclone and added my S3 buckets to it. Then with a simple single line command, I started the sync and it synced my files. 

Screenshot of an AWS S3 bucket showing multiple folders
S3 bucket with my backup files


In the end, I am very happy that I have spent some time creating backups. It is worth to note that the backups must be verified occasionally for their integrity. Otherwise, a corrupt backup is not something that can be considered useful.