I would like to keep my secrets in encrypted directory. It seems that there already exists a nice solution to this problem and it is called encfs.

For reference, I found online manual with examples after visiting baeldung linux article first.

So, let’s do it.

Create a pair of directories

Here I’m creating two directories:

• ~/.crypt is the source directory - here encrypted data are stored
• ~/crypt directory which is the mountpoint - here I would see decrypted files to work with

1

[karma@tpd] mkdir ~/crypt ~/.crypt

Create encfs

Now, in order to start working with encsfs I issue following command: encfs source mountpoint:

1

encfs ~/.crypt ~/crypt

This command creates an encfs filesystem at ~/.crypt and mounts it at ~/crypt which - when written to - would transparently encrypt data to ~/.crypt; in this case it prompts for password which you have to remember (it can later be changed using encfsctl); if mountpoint is not empty - it prints a warning and quits.

• each file in source has a corresponding file in mountpoint
• file names are also encrypted

Encrypt files

I create file secret_file.txt with some data inside ~/crypt and I can see that there is also a file in ~/.crypt:

1
2
3
4
5
6

[karma@tpd|~] echo "my secret data" > ~/crypt/secret_file.txt
[karma@tpd|~] cat ~/crypt/secret_file.txt 
my secret data
[karma@tpd|~] ls ~/.crypt/
YlWLYjPBOLyHF8NpoB7W3Sh1
[karma@tpd|~] 

Unmount the filesystem

After my interaction with the filesystem is complete, I can unmount it using:

1

fusermount -u ~/crypt

Summary

My personal usecases for encfs are:

• keep my personal journal entries (stored as plaintext, e.g. markdown, files) encrypted
• encrypt file(s) with passwords
• store private files on remote servers (e.g. on hosting provider machine) in encrypted form

It is super easy to use and - assuming I will not forget my password - give me a warm feeling that my data will not be easily seen and used