Objective

Install and use Plasma Vault to create encrypted storage directories.

Distributions

This will work on any distribution with Plasma 5.11 or higher.

Requirements

A working Linux install with Plasma 5.11 or better and root privileges.

Difficulty

Easy

Conventions

  • # - requires given command to be executed with root privileges either directly as a root user or by use of sudo command
  • $ - given command to be executed as a regular non-privileged user

Introduction

The Plasma desktop's new Vault feature makes encrypting directories incredibly simple. It's built right in to the desktop task manager, and directories can be managed by regular users without sudo. Vault is an excellent middle ground between single file encryption and whole filesystem encryption. It's not hard to see how useful that can be.

Install Vault

Begin by installing Vault. Plasma Vault was introduced in Plasma 5.11, so some distributions may not have it yet. This guide will cover the distributions that have Vault packaged now, but others will follow. In every case, it's named plasma-vault

KDE Neon
$ sudo apt install plasma-vault
OpenSUSE Tumbleweed
# zypper install plasma-vault
Arch Linux
# pacman -S plasma-vault
Gentoo
# emerge --ask plasma-vault
After the installation, you may need to log out and log back in to Plasma.

Create A Vault

Creating and managing vaults is all done through the system tray. After you logged back in to Plasma, you should see a small lock icon in your tray. That's the icon for Vault.

Plasma Vault icon

Click on the lock, and a menu will slide out. Since this is your first time, there won't be any vaults displayed. You will see a button to create one, though. Click on it

Name your Plasma Vault

A window will open up to walk you through the creation process. On the first screen, give your vault a name, and select an encryption system. Vault selects CryFS by default,and it's currently the best option.

Plasma Vault CryFS Notice

The next screen will give you a notice stating that CryFS hasn't been professionally audited. Just be aware of that and click to the next screen.

Set the password for your Plasma vault

Next, create a passphrase for your vault. Make sure that it's both long enough to be secure and memorable. Like with any encryption, if you lose the password, you lose the data it protects.

Plasma Vault set mountpoint

The following screen will let you select a mount point for your vault. The defaults here are convenient, but you can certainly change them, if you want.

Plasma Vault set cypher

Finally, you can select the cypher used to encrypt your vault. The AES256 options provide the best encryption. When you're done, click "Create" to finalize your new vault.

Mounting And Unmounting



Plasma Vault mounted

Click on the lock icon in the system tray again. This time, you'll see the new vault that you created. It's already mounted, since you just created it. The mount/unmount icon is to the far right side of the listing. Clicking that will mount or unmount the vault. You don't need root to do this.

Plasma Vault open

With the vault mounted, click on it. You'll see the option to open the directory or change the settings. Go ahead and open the directory. It behaves like a normal direcUse Plasma's new Vault feature to create encrypted folderstory when the vault is mounted. Everything is integrated with Dolphin, so you don't need to worry about any weirdness there either.

When you're done working with the vault, click on the unmount icon next to the vault's name, and it will be unmounted.

If you want to go back and work in the vault again, click the mount icon. You'll be prompted to enter the password that you used to create it. Then, the vault will open up.

Closing Thoughts

You can see how Plasma Vault is an amazingly useful feature, but it's so simple to use that even the least technical people can pick it up with relative ease. KDE has made some real progress in helping Linux users secure their personal files, and they've made encryption easy. That's what really matters here.