When I migrated from Linux to macOS, I temporarily lost the ability to use my familiar encrypted backup drives. On Linux, I had relied on GNOME Disks and LUKS encryption to protect my data. Luckily, macOS offers a similar solution: APFS Encrypted drives. The strategy remains exactly the same, secure, local backups that I can control and carry with me in case of an emergency.
I don’t use iCloud, OneDrive, or Google Drive for my backups. Cloud storage works fine in emergencies, but I prefer knowing what data leaves my computer. With local, encrypted drives, I can see, manage, and store my data any way I like to.
Creating an Encrypted External SSD on macOS
Setting up a secure, encrypted drive on macOS is straightforward:
- Connect the SSD to your Mac.
- Open Disk Utility (Applications → Utilities).
- Select the drive from the sidebar and click Erase.
- Choose APFS (Encrypted) as the format.
- Name the drive (e.g.,
MacBackup) and set a strong password. - Click Erase.
Your drive is now fully encrypted. Every time you connect it, macOS will prompt for the password, keeping your data safe even if the drive is lost or stolen.
Backing Up the Right Files
Backing up isn’t just about saving documents and photos, it’s also about protecting my custom workflows and system customizations:
- User Data: Documents, photos, videos, and downloads. Use Finder for drag-and-drop, or
rsyncfor efficient command-line copies:
rsync -avh ~/Documents/ /Volumes/MacBackup/Documents/- Configuration Files: Preserve app settings and customizations stored in:
~/Library/Preferences/(system apps)~/.config/(third-party tools, like VS Code or Slack)
- Software Lists: Save installed packages for quick recovery:
brew list > ~/backup/brew-packages.txtSecure Flash Drives for Critical Files
For files that are extremely important, think tax records, legal documents, or irreplaceable personal projects, I go one step further. I distribute GPG-encrypted flash drives to friends for off-site safekeeping.
- Why GPG? It works across all operating systems, so I can decrypt files on Linux, Windows, or macOS without relying on any specific platform.
- These drives aren’t APFS or LUKS encrypted, but GPG ensures that even if someone besides me accesses the flash drive, the files remain unreadable.
This provides an additional layer of redundancy and off-site protection without relying on cloud storage.
Why I Avoid Cloud Backups
Cloud storage has a lot of limitations:
- Speed & Accessibility: In emergencies, uploading or downloading large datasets is not practical.
- Control: If I don’t have my login credentials, I lose access or need to waste weeks to prove that I am the owner.
- Privacy: Data is exposed to third parties.
With encrypted, local drives, I have full control, portability, and peace of mind.
The Takeaway
Whether you’re on Linux or macOS, the principles of a secure backup strategy are universal:
- Encrypt everything to protect sensitive data.
- Backup more than files, include system settings, customizations, and software lists.
- Maintain local copies that are portable in an emergency.
- Use GPG-encrypted flash drives for critical files stored off-site.
For me, local encrypted storage isn’t just a convenience, it’s a guarantee that I can grab my data and run if the unexpected happens.