CryFS is considered beta software by its developers.

While that is completely fine, it is a bit of a problem for the LTS release of Plasma Vault.

The most recent problem that I was made aware of is that CryFS breaks its filesystem layout in new releases. While this is not a problem when using cryfs from the command line, it is a problem for UIs that use it like Plasma Vault, SiriKali and others.

Namely, the tool asks whether to upgrade the filesystem when you invoke it even when running in non-interactive mode. This means that Vault will fail to open if the filesystem needs to be updated.

Not all is lost though, if you encounter the issue of not being able to open a vault after upgrading CryFS, you just need to mount it manually once, and after that everything will work like before.

Open the .config/plasmavaultrc file, and find the Vault that you have the problem with. The configuration group header is the device - the location where the encrypted files are stored, and the mountPoint entry is the location where the decrypted files are shown when the vault is open.

Now just open Konsole and do the following:

    cryfs device mountPoint
    ... Answer all the questions you are asked
    fusermount -u mountPoint

This should be enough.

I’ve tested different options to do this automatically, but CryFS does not provide a safe way for it, and a bug report related to this issue has been ignored for half a year now.

Plasma Vault 1
Plasma Vault 1

For this reason, EncFS will be the default encryption system in Plasma 5.12. After that, I’ll start working on supporting gocryptfs which will hopefully be a fitting replacement come the next LTS release.


You can support my work on , or you can get my book Functional Programming in C++ at if you're into that sort of thing.