💻/🖥️ Setup an Encrypted Vault
TYPE | AUDIENCE | PRIORITY | COMPLEXITY | EFFORT | COST | UPDATED |
---|---|---|---|---|---|---|
Preparation | 🧑 | ⭐⭐⭐⭐ | ⭐⭐⭐ | 🧑🧑 | 🆓 | 2021-06-18 |
Important
Encrypting your files means that nobody will be able to have access to them if they don't have the password... even you! So it's essential that you store your encryption password in a safe place, ideally in Bitwarden.
There is typically no recovery possible, so if you lose your password, the files in your vault will be lost forever. It is therefore also advisable to make backups, either of your encrypted vaults or of your files, stored in a way that's at least as secure as your encrypted vault.
Rationale
With Full Disk Encryption, you can protect your data from just being copied over by anyone who has physical access to your computer. But if they get access to your computer while it is powered on - e.g. if you are forced to provide your login passwords - then the data on your system will still be compromised. That's why we want to use an additional layer of protection - an encrypted vault that acts like a safe for you to keep your files in. With your files kept in a locked vault, even if your device is powered on, they still would not be able to gain access to them. And because there are ways in which you can hide your safe, perhaps they will never even discover it!
Instructions
What you should know
As with all technologies, there are many options to choose from when it comes to encrypting your files. We recommend tools which are:
- free of charge - so anybody can afford them
- open source - so they can be externally verified
- strongly encrypted - so you can be safe when using them
- available across platforms - so that they aren't limited to Windows / Mac / Android
This leads us to recommend VeraCrypt and Cryptomator.
👩💻 For other options which also meet these criteria see this technical comparison.
What you should prepare
We are recommending two different technologies, as they each support a different use case. Which one you should choose depends on how your organisation stores and works with files. The choice largely comes down to whether you need plausible deniability or not.
Plausible deniability
Unsure what it means? Read our short explainer on 🔒 Plausible Deniability.
Now, consider whether having plausible deniability is essential for the files you are hiding on your computer.
Cryptomator vs VeraCrypt
Regardless of the choice between Cryptomator or VeraCrypt, with either option you:
- CANNOT edit files IN THE CLOUD (e.g. with Google Docs, or Word Online)
- CAN still edit files LOCALLY (e.g. with Word)
So if you NEED plausible deniability, your choice is VeraCrypt. But know that with VeraCrypt it is not advised to sync your files in the cloud. So that makes it harder to collaborate on files. VeraCrypt is also useful to Create Encrypted Drives, i.e. encrypt entire drives, not just some of your files.
So if you DO NOT NEED plausible deniability, your choice is Cryptomator. Cryptomator is more user friendly, and it is made for syncing your files to the cloud. This way you can keep your files encrypted (both locally and in the cloud), but also share them securely with others, who can unlock the vaults on their own computers to work with the files locally.
Neither option truly allows you to disable remote access, but if you have 🔒 Setup a Bitwarden Account and 🔒 Practice Good Password Habits, your Emergency Contact would be able to revoke your access to the password, and so you would not be able to log in, as you will be using a password that's far too long and complex to remember!
What you should do
Once you've decided whether VeraCrypt or Cryptomator better fits the way your organisation works, proceed to either use VeraCrypt or Cryptomator.
In some scenarios you might want to use both, but start with the most important one, and you can consider whether to add the second solution later.
Use VeraCrypt
First, you will want to:
Then, depending on your use case, move on to any of the following guides:
- 💻-🖥️ Encrypt Files with VeraCrypt - for securing a selection of files, instead of a whole drive.
- 💻-🖥️ Encrypt Internal Drives with VeraCrypt - drives inside your computer.
- 💻-🖥️ Encrypt External Drives with VeraCrypt - drives outside your computer, so either USB flash drives or external hard drives.
Use Cryptomator
First, you will want to: