Automount an Encrypted Filesystem inside Dropbox

Download and setup Dropbox on your system: Get Dropbox

For the encrypted filesystem I'm using EncFS which is a FUSE filesystem, so we'll need to install MacFUSE via: Download MacFUSE

And if it's not already installed you'll need MacPorts: MacPorts Install Guide

Then start by making sure MacPorts is up to date, then install EncFS:

port -v selfupdate
port -v install encfs

Now we need to create the encrypted filesystem, run this as the user who owns the Dropbox (not root):

# This where your encrypted files will be stored and synced to Dropbox
mkdir ~/Dropbox/encrypted-ct
# This is your decrypted view of the FS, where you'll interact with your files
mkdir ~/encrypted-pt
# Create the filesystem
encfs ~/Dropbox/encrypted-ct ~/encrypted-pt
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
> p
New encfs Password:

Select a password for your filesystem. We'll use OSX's keyring to store the password so we can auto-mount the filesystem on boot.

security add-generic-password -a $(whoami) -s EncFS -w password

Then the following command should grab it back out:

security find-generic-password -gs EncFS 2>&1 >/dev/null | cut -d'"' -f2

Now we'll throw together a script to mount the filesystem for us without having to type in the password. I put the following in a script under ~/bin:

mkdir ~/bin
vim ~/bin/

Paste the following into the file, fix up the location of encfs, encdir, and decdir:



function cleanup {
  # Kill sleep command ($! is PID of last command launched in background)
  kill $!
  umount "$DECDIR"
trap cleanup 1 2 3 6 15

# This is a bit of a hack, but appears to be the most compatible way between Linux and Mac
# Check if the DECDIR and it's parent's are the same filesystem, if so we haven't mounted yet
if [ "`df -h $DECDIR`" == "`df -h $DECDIR/..`" ] ; then
  security find-generic-password -gs EncFS 2>&11 >/dev/null | cut -d'"' -f2 | "$ENCFS" -S "$ENCDIR" "$DECDIR"
  echo Something is already mounted on $DECDIR
  exit 1

# Wait for exit
while true; do
  # Sleeping ignores normal signals so start it in a subprocess and wait for it
  sleep 3600 &

Make it executable:

chmod u+x  ~/bin/

To run the script at login we'll create a LaunchAgent, create the following file:

vim ~/Library/LaunchAgents/com.xensoft.encfsd.plist

And paste in the following:

<xml version="1.0" encoding="UTF-8"></xml>
<plist version="1.0">

Make sure to fix up the path of the script and off you go! Now every time you login you should have your encrypted filesystem automatically mounted for you.

edit: Things have moved along a bit since I last tackled this - the same basic strategy works but here are some tweaks:

MacFUSE has been replaced by OSXFUSE ( Can be installed with a MacFUSE compatibility layer - which I believe EncFS still relies upon.

If you want a slick interface to mounting your fuse filesystems (including EncFS with the plugin below) you can try Macfusion (

If you want to use EncFS with the MacFusion plugin and you installed EncFS using MacPorts you'll need to make a symlink so the plugin can find the executable it's looking for:

# ln -s /opt/local/bin /usr/local/bin # Assuming you don't have a /usr/local/bin already, the plugin will look for the encfs binary under here

Then the EncFS Plugin ( should install. With that you should be able to hit the "Plus" icon in Macfusion and add a new or existing EncFS filesystem. You can tweak the mount point of the plain text side under the Macfusion tab.

And if you haven't already go to Finder > Preferences and check the box to display "Connected Servers" otherwise some of these mounted filesystems are hard to find.