Obsidian and similar tools work on a local folder of files. This is fantastic, but also means you need to handle encryption, backup, and syncing yourself. Below, I share my experience for a very specific use case: running Obsidian on an untrusted laptop, which requires data-at-rest encryption of our Knowledge Base (aka KB, our folder of markdown files), and syncing the KB to the cloud.

Our Requirements:

• Run Obsidian on an untrusted laptop (eg: corporate work laptop) running Windows 10
  • if motherboard fries for example, the laptop needs to sent back to the employer with hard drive data intact. This means, data at rest encryption is required so the employer cannot read our KB
• Sync Obsidian data to an untrusted cloud. Data must be encrypted during transit, and must be stored encrypted in the cloud
• Backup so we never lose more than an hour of work in case the laptop burns up, for example
• My KB consists of ~450 files, including ~25 images and non-.md files, at a total of 15MB.

Solutions attempted:

Below, I share my experiences with several solutions that I tried. They include file level and container level encryption of the KB.

What was I doing before Obsidian:

I still had my vast directories of files. I used to use vim's built-in blowfish encryption on a per-file basis, and sync these to the cloud via Google Drive. Voila: no setup to do, nothing to worry about. However, this became impossible with Obsidian given its need to be able to read all files in the plain.

A. Safe (a Windows EncFS client) + Google Drive

Idea: Store EncFS encrypted files into a Google Drive folder, mounted using Safe

• Wasn’t impressed by the client, its setup, interface, lack of clarity in whether and how it had installed onto my computer
• Copying my KB over via Windows Explorer showed a transfer rate of 1kB/s. Not exactly usable. Until it got worse and errored out with: An unexpected error is keeping you from copying the file. The process cannot access the file because another process has locked a portion of the file.

So this was a no-go.

B. Cryptomator + Google Drive = Poor Obsidian UI experience

Idea: Same as the above A. Safe approach, except, using Cryptomator instead of Safe. Use Google Drive “backup and sync” client (NOT GDrive for Desktop)

Typing/scrolling in Obsidian became very laggy, to the point of being unusable! Why? See below:

Investigation

• Same vault on local disk: fine, no lagginess