← All docs

VaultGuard Sync for Obsidian

This is the flat release mirror of the plugin for Obsidian's community directory. Canonical source (plugin + server, for self-hosters and auditors): https://github.com/peter70700/vaultguard-obsidian/tree/main/packages/plugin

VaultGuard Sync is the Obsidian plugin for permission-aware encrypted sync, part of the VaultGuard product family. This public plugin repository contains only the Obsidian client.

Fresh installs start with one shield and the protection/sync core. AI Chat, Permissions Graph, and external Agent Access are optional modules that remain off until enabled in settings; established installs preserve their previous availability during migration.

Features

  • Client-side encrypted sync — supported file bodies are AES-256-GCM encrypted before upload. The current service uses KMS-backed server-managed keys, so the backend is inside the trust boundary; this is not zero knowledge.
  • Local at-rest encryption — supported vault adapter paths are encrypted in place under a per-device key wrapped by available device storage. Documented exclusions, Obsidian caches, filenames/metadata, and large files pending a safe first upload can remain plaintext.
  • Large attachment sync — text and binary files above the normal JSON request limit use a vault-scoped encrypted direct-transfer path up to the deployment's configured maximum. Failed or offline large uploads preserve the local file and appear as pending for retry.
  • Human recovery — one Recovery Center exposes bounded file history, deleted files, confirmed restore, and non-destructive conflict inspection.
  • Per-file permissions — vault, folder, and file-level grants with role inheritance, enforced server-side. Default deny; explicit grants only.
  • Expiring authenticated guests — invite a viewer to selected active vaults for 1–90 days. Membership, permission rules, and renewable key leases share the same expiry boundary; this is not anonymous public access.
  • Permission-aware AI chat (optional) — a native Claude/GPT chat panel inside Obsidian (open it with the command palette or control center). Ask about your notes, or have Claude draft and edit them. Every file it reads or writes runs through the same at-rest decryption, per-file permission checks, and audit logging as a human user; the model never touches the on-disk ciphertext. Connect with your own Anthropic/OpenAI API key or by driving a supported subscription — until you connect, the panel makes zero outbound calls. Works on desktop and mobile (token-by-token streaming is desktop-only). VaultGuard encrypted key storage is the default; Obsidian 1.11.5+ users can explicitly select a named native secret without placing the secret value in plugin settings.
  • Visual permissions graph (optional) — the "VaultGuard: Open permissions graph" command opens an interactive map of who can reach what: users, files, and folders as nodes, with edges colored by access level (read / write / admin) and dashed for time-bound grants. Click any node or edge to see exactly which rule grants that access and why. The graph only ever shows files you yourself can read. Desktop-only.
  • Audit logging — every access and permission change is recorded to a server-side audit log (advanced dashboards, alerts, and CSV export are a Pro feature).
  • Managed access revocation — revoking a user stops new authorised server access and renewable leases. Devices enforce the change when they reconnect or current leases expire; exported copies outside VaultGuard cannot be erased.
  • Built-in vault tools — both the AI chat and any external agent work through one curated, permission-gated tool surface instead of raw file access: list and search the files you can see, read decrypted content, apply_patch edits, and create new notes. Every call is permission-checked and audit-logged, and the tools refuse hidden/excluded paths (.obsidian, .trash, .git, …).
  • MCP server for external agents (optional) — VaultGuard runs a built-in MCP (Model Context Protocol) server over Streamable HTTP, so you can wire your own AI tools — Claude Code, Cursor, Claudian, anything that speaks MCP — into the vault. They surface as mcp__vaultguard__list / search / read / apply_patch / create and connect with short-lived, scoped lease tokens you mint, rotate, and revoke from Settings → VaultGuard → Agent bridge connections. Agents never get raw filesystem access or your keys — only decrypted content they're allowed to read. Desktop-only.

The optional AI chat, permissions graph, built-in tools, and MCP server are plugin features and work on every edition (Community, Pro, Enterprise) — the security primitives are never paywalled. See the security plane table below for the full per-edition breakdown.

Editions

VaultGuard Community Edition is the open-source, self-hosted stack (your AWS, edition=community codebase, Pro-only features gated off). Pro and Enterprise are the managed VaultGuard Cloud running the Pro Edition codebase — they add the operational layer most teams want once they scale past a few users, without paywalling any of the security primitives.

Community Edition Pro Enterprise
Where it runs Your own AWS Our AWS (managed) Dedicated infra
Price Free, self-hosted €12 / user / month Custom
Edition (code) community pro pro
License Sustainable Use License Cloud ToS Commercial contract
User cap Your deployment limit Up to 100 By agreement
Storage Your AWS configuration 100 GB included By agreement
Trial Clone + deploy 14 days; payment method required Sales call

Security plane

Identical in every tier — security primitives are never paywalled.

Capability CE Pro Enterprise
Client-side content encryption (AES-256-GCM + managed KMS keys)
Per-file permissions with role inheritance
Session, permission, and renewable-lease revocation
Time-bound key leases (1h default, configurable)
Multi-vault support per organization
Plugin allowlist enforcement
Cognito auth (password + BYO IdP via Cognito)
Local at-rest encryption via OS keychain
TLS 1.2+ in transit (TLS 1.3 when negotiated)

Admin & operations

Where Pro starts to earn its keep.

Capability CE Pro Enterprise
In-Obsidian admin (users / permissions / settings / recovery)
Hosted web admin panel (admin.vaultguard.cloud)
Share links + share-bridge for internal teammates
Basic audit log (GET /vaults/{vaultId}/audit/logs)
Advanced audit — dashboards, alerts, CSV export, per-user / per-file reports
Audit retention 30 days (configurable) 1 year Custom
Stripe-backed billing
Transactional email (invites, password reset) Your SES Managed Managed
Org signup Single-tenant lockdown Multi-tenant Custom
Managed AWS infrastructure
Managed security update process
Managed backup operations
Uptime target None 99.9% target Custom by agreement
Support target Community (GitHub) Email, 1-business-day target Priority by agreement

Enterprise-only

Capability CE Pro Enterprise
SAML / OIDC SSO integration
SOC 2 / HIPAA evidence packages Available by agreement
Dedicated infrastructure
Custom data residency
Custom key rotation & retention policies

Responsibility split

What you do vs. what we do.

Responsibility CE Pro Enterprise
Deploy the backend You (terraform apply) Us Us (or you, with license)
Patch Lambda runtimes / dependencies You Us Us
Rotate KMS keys You Us Us / custom
Run backups You Us Us
Monitor uptime / page on-call You Us Us
Pay AWS bill You Custom
Compliance evidence You Us

What CE actually delivers

  • Working AWS Cognito + API Gateway + Lambda + DynamoDB + S3 + KMS + SES stack via Terraform
  • Plugin connects with no code changes — capability discovery hides Pro-only UI surfaces
  • Single-tenant by default — public signup refuses after the first org exists
  • User, vault, storage, and file-size limits follow your AWS configuration
  • Cost: AWS resources only. Idle deployment ~$5–15/month on low traffic.

What CE doesn't deliver (and why Pro is worth paying for)

  • No web admin panel — managing 50 users from inside Obsidian is painful for non-technical leads
  • No share links — every external collaboration needs the recipient to be a full vault member
  • No audit dashboards, alerts, or CSV exports for compliance teams
  • No managed uptime commitment, backup operations, or patch pipeline — AWS deprecations are your responsibility
  • No SSO, no compliance attestations — Enterprise is the only path for regulated environments

The one-sentence pitch

Community Edition is the trust signal and the escape hatch. Pro is what you pay for once the team grows past two non-technical admins, needs to share with outsiders, or has a compliance team asking for audit evidence. Enterprise adds SSO, dedicated infra, and compliance attestations on top of Pro.

Want managed hosting? Start a 14-day Pro trial — a payment method is required at trial start. Or contact Enterprise sales for SSO and compliance.

Self-Hosting (Community Edition)

VaultGuard Community Edition is a monorepo: this packages/plugin/ is the Obsidian client, and packages/server/ is the AWS backend (Cognito, API Gateway, Lambda, DynamoDB, S3, KMS, SES) deployable with Terraform on your own AWS account. Single-tenant by default; Pro-only features (web admin, share links, Stripe billing, landing page) are excluded.

The end-to-end deploy walkthrough lives at docs/SELF-HOSTING.md.

Hosted Mode

Hosted organizations use the same plugin. Click Continue with VaultGuard Cloud or redeem an invite link from your administrator; the plugin includes the public VaultGuard Cloud API and Cognito identifiers and refreshes organization-specific settings after sign-in. Entering an organization slug is still available for admins who want to pre-resolve a specific org.

Install From a Release

  1. Open the latest release and download these three files:

    main.js
    manifest.json
    styles.css
    
  2. Place them into your vault at:

    <Vault>/.obsidian/plugins/vaultguard-sync/
    
  3. Restart Obsidian.

  4. Enable VaultGuard Sync under Settings > Community plugins.

Build From Source

npm install
npm run -w vaultguard build

The build produces packages/plugin/main.js alongside the existing packages/plugin/manifest.json and packages/plugin/styles.css. To install the built plugin directly into a local vault:

npm run -w vaultguard install:plugin -- "/absolute/path/to/YourVault"

Self-Hosted Configuration

Open Settings > VaultGuard Sync > Connection, enable manual configuration, then paste your server config URL, for example https://your-server.com/.well-known/vaultguard.json. The config response fills:

  • API endpoint
  • Organization ID
  • Cognito User Pool ID
  • Cognito Client ID

You can still edit those fields manually after applying the config URL.

See docs/SELF-HOSTING.md for the end-to-end Community Edition deploy walkthrough, and packages/plugin/docs/openapi.yaml for the OpenAPI 3.1 schema describing the backend HTTP contract a self-hosted server must implement.

Network Use

VaultGuard Sync connects to the effective API endpoint shown in plugin settings and to the configured AWS Cognito User Pool endpoint for authentication. Fresh installs default to https://api.vaultguard.cloud, but the plugin does not make Cloud requests on load: Cloud/sync network calls begin only when you sign in, redeem an invite, connect an organization, or restore an existing session. Manual configuration bypasses the bundled Cloud fallback.

Two user-triggered network paths are independent of Cloud sign-in and are listed here for full disclosure:

  • Manual update check. Only the explicit Check for plugin updates command queries the GitHub Releases API (api.github.com / github.com). Plugin load does not start an update timer or GitHub request. The manual check sends no vault data or account information — only a standard version request.
  • AI chat (opt-in). If you use the built-in AI chat and supply your own Anthropic or OpenAI API key, chat requests go directly to api.anthropic.com or api.openai.com. No AI calls are made until you enable chat and provide a key, and vault content reaches the provider only through VaultGuard's permission-gated tools, never as raw file paths.

The plugin uses Obsidian's requestUrl API for all HTTP calls; the desktop-only AI chat streaming transport uses Node's https.request to api.anthropic.com only.

Account, Data, and Privacy

VaultGuard Sync requires an account on the configured backend. In hosted mode, that account is provided by the hosted VaultGuard organization. In self-hosted mode, the account is provided by your own compatible backend and Cognito User Pool.

The plugin sends vault-relative file paths, file metadata, encrypted file contents, permission checks, audit events, and authentication tokens to the configured backend as part of sync and access control. It does not include client-side telemetry, ads, or analytics. Billing and subscription management are handled outside the public plugin.

Sync runs while Obsidian is active: local changes are observed and remote changes are checked on a configurable interval. It is not live collaborative editing or a background service after the app is suspended. File support is bounded by the backend's configured size limit and device resources.

VaultGuard Sync stores plugin settings, vault binding data, and auth session data in Obsidian's plugin data store and browser storage so it can restore your session. The local at-rest encryption key is wrapped on device; the recovery code is shown only to you and is never sent to the backend.

Development

npm run -w vaultguard dev    # esbuild watch
npm run -w vaultguard test   # vitest

License

Sustainable Use License — see LICENSE