TOKU - Treasury of Knowledge for Users

A variety of information you might find useful


This page last changed 2025.12.07 09:58

Using Cryptomator

A way for someone with macOS devices, iPads, and iPhones to secure their data and access it from each device.

Set up a Cryptomator Vault on iCloud (macOS, iPhone, iPad)

This setup allows iCloud to sync your vault files in encrypted form, while Cryptomator handles local decryption on each device.


Requirements

Install Cryptomator on each device:

macOS:

iPhone & iPad:

  • Install Cryptomator from the App Store (paid app)

Make sure you are logged into the same Apple ID and that iCloud Drive is enabled:

macOS:

  • System Settings → Apple ID → iCloud → iCloud Drive → ON

iPhone/iPad:

  • Settings → [your name] → iCloud → iCloud Drive → ON

Step 1: Create the vault on macOS

Creating the vault on macOS is easier and more reliable.

  • Open Cryptomator
  • Click Add Vault → Create new vault
  • When asked for a location, choose:
    • ``iCloud Drive``
  • Optionally create a folder named:
    • ``Cryptomator``
  • Name your vault (example: ``SecureVault``)
  • Create a strong password
  • (Recommended) Save a recovery key offline

Result:

  • A folder appears in iCloud Drive: ``SecureVault``
  • Inside are encrypted files (this is expected)
  • When unlocked, the vault appears as a drive (example: ``/Volumes/SecureVault``)

Step 2: Let the vault sync fully

  • Open Finder → iCloud Drive
  • Confirm that ``SecureVault`` is visible
  • Wait for any cloud icons to disappear (fully synced)

IMPORTANT:

  • Do not proceed until syncing is complete

Step 3: Add the vault on iPhone

  • Open Cryptomator
  • Tap Add Vault
  • Select iCloud Drive
  • Open the ``SecureVault`` folder
  • Tap the file:
    • ``SecureVault.cryptomator``
  • Enter the same password

You can now:

  • View files
  • Add photos/documents
  • Scan into the vault
  • Use Face ID or Touch ID

Step 4: Add the vault on iPad

Repeat the same steps:

  • Cryptomator → Add Vault
  • iCloud Drive → SecureVault
  • Select the ``.cryptomator`` file
  • Enter the password

Your vault is now available on:

  • macOS
  • iPhone
  • iPad

Important Usage Rules

To avoid data corruption:

  • Only open the vault on one device at a time
  • Always lock the vault after use
  • Allow iCloud to finish syncing before opening on another device
  • Do NOT rename or edit vault files in Finder or Files app

Think of it as:

  • Save → Lock → Sync → Open on next device

Suggested Folder Structure (inside the vault)

  • Personal
  • Scans
  • Taxes
  • Medical
  • Password backups
  • Encrypted documents

All of this is encrypted in iCloud.


Optional macOS Tip

After unlocking the vault on macOS:

  • Right-click the mounted vault
  • Select Add to Finder Sidebar

Now your vault is one click away.


Cryptomator: Password Strategy, Face/Touch ID, and Backup

Password & Recovery Key Strategy

Your vault password is the ONLY key to your data. If it’s lost → data is permanently inaccessible.

Strong Password Guidelines

Use a long passphrase (recommended: 4–6 random words + symbols)

Good example:

  • ``River!Tulip-Coffee9!Glass``

Avoid:

  • Pet names
  • Birthdays
  • Dictionary-only words
  • Short passwords

Minimum recommendation:

  • 16+ characters
  • Include uppercase, lowercase, numbers, symbols

Recovery Key (CRITICAL)

Cryptomator allows you to create a recovery key file.

  • Store it in TWO offline places:
    • External USB drive
    • Printed and locked in a safe
  • Do NOT store the recovery key in:
    • iCloud
    • Email
    • Your Cryptomator vault

Recommended labeling:

  • ``Cryptomator Recovery Key – SecureVault – [Date Created]``

Think of the recovery key as:

  • A master key for emergency use only

Enable Face ID / Touch ID

This improves convenience WITHOUT weakening encryption.

On iPhone / iPad

  • Open Cryptomator
  • Tap the vault
  • Go to:
    • Settings → Security
  • Enable:
    • Face ID (or Touch ID)
  • You will still need the password after reboot

Now you can:

  • Unlock the vault with Face/Touch ID
  • Avoid typing the full password each time

On macOS (Touch ID MacBooks only)

If your Mac has Touch ID:

  • Open Cryptomator → Settings
  • Enable Use Touch ID
  • You can now unlock using your fingerprint

If your Mac does NOT support Touch ID:

  • Use a long passphrase stored in your password manager

Backup Strategy for Your Vault

Important rule:

  • iCloud sync is NOT a backup
  • Sync ≠ Backup

You need separate, offline copies.

Method 1: Manual copy to an external drive

Once a week or month:

  • Plug in an external drive
  • Copy the entire:
    • ``SecureVault`` folder
  • Paste it to:
    • External drive only
  • Safely eject when finished
  • Keep drive disconnected when not in use

IMPORTANT:

  • Only copy the folder when the vault is CLOSED
  • Otherwise, the encrypted files could be corrupted
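
One way to script the external-drive copy described above, as an added example that is not part of the original page or the Cryptomator project. It assumes the vault folder sits under the macOS iCloud Drive path ``~/Library/Mobile Documents/com~apple~CloudDocs``, a hypothetical drive named ``BackupDrive``, and that files iCloud has not yet downloaded show up as hidden ``.name.icloud`` placeholders; it refuses to copy while ``/Volumes/SecureVault`` is mounted.

```shell
#!/bin/sh
# Added example (not from the original page): offline copy of a LOCKED vault.
# Assumed defaults; override via environment. "BackupDrive" is a hypothetical name.
VAULT_SRC="${VAULT_SRC:-$HOME/Library/Mobile Documents/com~apple~CloudDocs/SecureVault}"
VAULT_MOUNT="${VAULT_MOUNT:-/Volumes/SecureVault}"   # exists only while unlocked
BACKUP_ROOT="${BACKUP_ROOT:-/Volumes/BackupDrive/CryptomatorBackups}"

# backup_vault SRC MOUNT DEST_ROOT
# Prints the new backup path on success. Return codes:
#   2 vault unlocked, 3 vault folder missing, 4 backup drive missing,
#   5 iCloud download incomplete, 6 copy or verification failed
backup_vault() {
    src=$1; mount=$2; root=$3
    if [ -e "$mount" ]; then
        echo "vault is unlocked at $mount; lock it first" >&2; return 2
    fi
    [ -d "$src" ]  || { echo "vault folder not found: $src" >&2; return 3; }
    [ -d "$root" ] || { echo "backup drive not mounted: $root" >&2; return 4; }
    # Assumption: files iCloud has not downloaded yet appear as hidden
    # ".<name>.icloud" placeholders; copying those would back up nothing useful.
    if [ -n "$(find "$src" -name '.*.icloud' -print | head -n 1)" ]; then
        echo "iCloud has not finished downloading the vault" >&2; return 5
    fi
    dest="$root/$(basename "$src")-$(date +%Y%m%d-%H%M%S)"
    [ ! -e "$dest" ] || { echo "already exists: $dest" >&2; return 6; }
    cp -Rp "$src" "$dest" || return 6
    # Compare every file byte for byte before trusting the copy.
    diff -r "$src" "$dest" >/dev/null || { echo "verify failed: $dest" >&2; return 6; }
    echo "$dest"
}

# Run the backup only when called as: sh backup_vault.sh --run
if [ "${1:-}" = "--run" ]; then
    backup_vault "$VAULT_SRC" "$VAULT_MOUNT" "$BACKUP_ROOT"
fi
```

Each run creates a new timestamped folder on the drive, so older copies are kept until you delete them.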

Method 2: Time Machine (macOS)

Time Machine WILL back up the encrypted files automatically.

This is good because:

  • It stores the locked, encrypted content only
  • Even Apple cannot see the data

Just be sure:

  • The vault is locked most of the time
  • Time Machine is running normally

Optional: Off-site Backup (Extra Safety)

You may also store a backup at another loc

cryptomator.txt · Last modified: by Steve Isenberg