💻/🖥️ How to Manage Sensitive Files in the Cloud

Last updated on : 2021-06-18

Instructions

What you should know

• This guide offers specific instructions on using Cryptomator with Google Drive. Cryptomator supports many other cloud drives as well, and the instructions will be similar.
• encrypted files are files are files that require decryption before you can use them, the opposite is clear files, which are your regular files that you can use without first decrypting them.

What you should prepare

• Finished to 💻-🖥️ Encrypt Cloud Drives with Cryptomator - we will continue using the vault (CSO Burma 2021) which we created in that guide here.

What you should do

1. Learn where your encrypted files are stored

Encrypting your files in a vault changes the way that you access your files. So let's have a look at these changes so you become familiar with the system:

1. If you open up File Explorer, and navigate to where Google Drive is being synced to on your computer, you will find the encrypted vault that we created under CSO Burma 2021
   
2. However the files shown here aren't the files which we put in, but their encrypted version.
3. The same is true if you navigated to that folder in the web version of your Google Drive:
   
4. It's very important that you never directly modify this directory or its files. So never place any files in here, or delete the files if you need to reclaim space.
5. Instead, you can add, change of remove files by first mounting the vault! Let's see how.

2. Learn where your clear files are stored

1. Search and open "Cryptomator"
2. Your vault should be shown on the list.
   • Note: If it isn't, click "Add Vault", then "Open Existing Vault", and follow the instructions
     
3. Select your vault from the list
4. Click "Unlock"
   
5. Provide the vault's password in the password prompt
   
6. In our example, we had the password store in Bitwarden, and copy it out by clicking the "copy" icon
   
7. We could never remember that password! It's also very strong
   
8. The drive will reveal itself
   
9. As you can see, it is mounted on the E:\ drive, so that is where we would find, add, change or remove files.

3. Work with files in your vault

1. Simply use your E:\ drive like you would any other folder on your computer
   
2. And in the background, Cryptomator is encrypting/decrypting your changes without you even noticing it! Google Backup and Sync or File Stream apps then sync the encrypted files to the cloud - your clear files never leave your computer.
   
3. Once you are working with your files, go to Cryptomator and click "Lock" for your vault
   
4. If there are still applications which are accessing the file, you will get a "Graceful lock failed". Try and close all the applications (including File Explorer) which were using those files, click cancel and "Lock" again. If you still didn't allow for a graceful lock, and you are sure that the Google Drive isn't being synced with (you can look at the Backup and Sync or File Stream apps for activity), you can force unlock.
   

4. (Optional) Take the Files Out of the Vault to Work on Them

In the previous section we just worked with files while the vault was open. This is acceptable is you are not at risk of being raided, your laptop suddenly being taken away from you, but might not be acceptable if you are being targeted by the authority and they could potentially seize your computer at any point while you are working on the files.

Just like a "bank vault", your file vault only secures your files while you have it locked. So instead of the workflow above, you could also open up a vault when you need files but lock it immediately after. So you would e.g. copy the "working files" to your desktop and edit them, create new documents, etc, and at regular intervals (e.g. at the end of the day and before lunch, or every time you finish with a file), you:

1. unlock the vault,
2. place the new files in the same location as where you took them from,
3. and lock the vault

In the background Google will sync the changes to the cloud which you could use as a way to collaborate with others, or as a backup in case your device is seized.

5. Working with your Team

Finally, you may want to collaborate with your team while using Cryptomator. Instead of sending documents over email, follow the instructions on how to 💻-🖥️ Manage Sensitive Files in the Cloud with a Team.