Warning: This is more-or-less for setting up an off-site non-critical redundancy for peace of mind and is not a replacement for an immediately available on-site backup. If you are working on mission-critical work, please invest in a decent NAS or high quality USB 3.0 storage drives
TL;DR: Create a sparsebundle disk image, create a Cryptomator encrypted drive, set Time Machine backup to mountpoint of disk image, run first backup, unmount disk image and move it to Cryptomator drive, mount Cryptomator drive automatically on boot and write a script that mounts the disk image from the Cryptomator drive on login
I found myself in the need of backing up my macOS Install. I am a happy hackintosher who likes playing with macOS just as much as the next guy, but I found that my installation of a Kaspersky product would cause the machine to crash an unusual number of times.
And while the problem was apparently a misbehaving
kav kext, I found that I am in the need of a good backup system. Most of my development work is backed up and so is most of my music. So with my install which I have painstakingly customised to my liking (as a former Windows user who used to love playing with Stardock product trials and Rainmeter), I couldn’t afford to lose my custom
.bash_profile or my iTerm, Ferdi, Live and Audio Hijack configurations or re-license all my software.
I primarily use Carbon Copy Cloner (absolutely amazing tool) but this time I needed something that allowed me to go back in time, maybe a Time Machine :)
I have a few external drives that don’t work most of the time lying around (except my trusty WD 500GB drive, which can do no wrong) so I figured, let me back it up to the cloud.
One problem, client-side encrypted cloud storage is expensive. The solution? Cryptomator! But Cryptomator drives report themselves as
Crypto File System (OSXFUSE) and Time Machine only works with
The solution? Nested disk images.
Things you need⌗
An internet connection
Storage space, lots of it, outside your boot partition.
Creating your encrypted virtual drive⌗
Presuming you have Homebrew installed (if you haven’t, go here), open your terminal and run
brew cask install cryptomator osxfuse
Presuming you had a successful install and appropriate kext permissions (if prompted) were granted at System Preferences > Security and Privacy > General, launch Cryptomator.
You will be greeted by a cute green robot, now let’s get to work
Click on the Add Vault button
A dialog will pop-up, click on Create new vault, give it a name (preferably one word) and create it in a location that is accessible by your cloud syncing software (and isn’t on your boot drive) by clicking on custom location and selecting a directory
Enter a password (preferably saved by a password manager like KeePass) and save the recovery key somewhere safe. Now click on Create Vault
Click on Done (we aren’t unlocking it just yet, we need to do one more thing)
Click on your newly created vault and go to Vault Options and ensure that it looks something like this:
- Now, unlock your new vault, you should find a
WELCOMEdocument! (as of Cryptomator 1.5.5)
Now go to Cryptomator and ensure your preferences look something like this.
We need to go back to our terminal and find out the mount point of our encrypted volume
$ ls /Volumes/ 3GHFglmcsHBY_0 Macintosh\ HD
You will find some gargled obfuscated phrase like
3GHFglmcsHBY_0, this is our
_ENCRYPTED_VOLUME_NAME_, your regular
_VOLUME_NAME_ is the name you entered during the setup stage.
Creating the disk image and setting up Time Machine⌗
We now have our encrypted drive! Time for making our HFS+ disk image within our encrypted drive.
Create our disk image. The benefit of a sparsebundle is that it will only use as much space as it needs, so it doesn't use all 500GB (which is the size taken here) and in fact will only fill to your disk capacity (or maximum) disk image size, whichever one is lower $ hdiutil create -size 500g -library SPUD -fs HFS+J -type SPARSEBUNDLE -volname "TimeMachine" /Volumes/_ENCRYPTED_VOLUME_NAME_/TimeMachine.sparsebundle Let's introduce macOS to our disk image $ open /Volumes/_ENCRYPTED_VOLUME_NAME_/TimeMachine.sparsebundle Now, we tell Time Machine to use our new disk image as its default backup point $ sudo tmutil setdestination -p /Volumes/TimeMachine
We’re not done yet. We still need to tell Time Machine to backup only our boot drive. (Otherwise, it will try to backup the drive hosting the Time Machine backup, which is not good)
Go to System Preferences > Time Machine > Options and exclude everything that isn’t your boot drive. Now, backup away! This will take a lot of time so you can continue with your daily tasks.
(Tip: If you want to speed things up, you can create the sparsebundle on your normal drive, let it complete the first backup as that is the longest and then shift it to the encrypted volume)
Setting up cloud syncing is a matter of service preference and a matter of the tools that you use for syncing and is therefore outside the scope of this blogpost.
Creating our auto-mounting script⌗
_VOLUME_NAME_ is volume name and
_ENCRYPTED_VOLUME_NAME_ is encrypted volume name. Open up our trusty
Script Editor and paste this script. Change values as needed.
tell application "Finder" if not (disk "_VOLUME_NAME_" exists) then run application "Cryptomator" delay 5 end if end tell do shell script "hdiutil attach /Volumes/_ENCRYPTED_VOLUME_NAME_/TimeMachine.sparsebundle"
When you’re done, unmount everything (the TimeMachine volume and the encrypted drive) and close Cryptomator by going to the icon tray, selecting Cryptomator and clicking Quit. Now, to test the script, click on the Play (Run the Script) button
Does everything work? Good! Now go to File > Export and select type as Application and store it in your Applications directory.
Ensuring that everything works on login⌗
Go to System Preferences > Users and Groups > Login Items (click the lock to allow changes and so on..) and then click on the Add (+) button and select our newly created application.
We’re done! Yay!