this post was submitted on 12 Nov 2023
8 points (100.0% liked)

ObsidianMD

4113 readers
1 users here now

Unofficial Lemmy community for https://obsidian.md/

founded 1 year ago
MODERATORS
 

I'm in the process of changing my note taking from Standard Notes to Obsidian, and I am trying to figure out how I can sync notes between my laptop and Android device with the notes encrypted. I thought I had the solution by encrypting with Cryptomator and syncing the encrypted vault with Syncthing. But I realized that Cryptomator on Android does not work by mounting a new drive like it does on Linux, so Obisidian could not access the unencrypted files. So now I am not sure where to go from here.

My requirements:

  • Notes are synced both ways between laptop and phone
  • Notes are encrypted at rest
  • No usage of external cloud services

How do you go about syncing?

all 8 comments
sorted by: hot top controversial new old
[–] [email protected] 2 points 1 year ago (1 children)

Does the disk encryption of Android count as encrypted at rest? If not, I think this will be a hard requirement to meet.

That aside, I'm having good luck with Synching. I think there's a bit of a learning curve setting it up, but you don't really have to touch it once you're done.

[–] [email protected] 2 points 1 year ago (1 children)

No, as I'd want it to be protected in the case someone gets a hold of the device in an unlocked state.

I found Syncthing very nice to work with, and successfully synced between my two device, so I would love to keep using it. But as it is now, I would have to sync the unencrypted files on both my devices. Not sure how it will behave if I try to sync the mounted drive on my computer, if the vault is locked.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

My only guess is that you could maybe use Termux to set up a gocryptfs mount that Obsidian could use, but I'm not sure if that would work or not. gocryptfs encrypts files physically on the drive, but exposes them unencrypted under a transparent logical mount.

Edit: DroidFS uses gocryptfs in the backend, maybe that would be easier.

[–] [email protected] 2 points 1 year ago

Interesting. Would require the use of some of the unsafe features, but at first glance it does look like this could work.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

I have been thinking through this exact problem in the past few weeks. Let's write back with what we come up with! I'm going to explore the DroidFS suggestion.

[–] [email protected] 1 points 1 year ago (1 children)

Isn't syncthing already encrypted?

[–] [email protected] 3 points 1 year ago

The transfer I would assume is encrypted, but it is the files at rest I am interested in making sure is encrypted.