No prior experience with Cloudflare or cloud storage needed. This guide walks you through every step, including what things mean and why they matter.
Cloudflare R2 is a cloud file storage service — similar to Google Drive or Dropbox, but with no GUI app. It stores files in a private container called a bucket. You access it via an API (the plugin does this automatically). R2 has a generous free tier: 10 GB storage and 1 million requests per month at no cost.
Unlike Obsidian Sync or iCloud, you own the bucket — Cloudflare cannot read your files, and neither can the plugin developer. With encryption enabled, nobody except you can.
Visit dash.cloudflare.com/sign-up. Enter your email and a strong password. Verify your email when prompted.
Once logged in, find R2 Object Storage in the left sidebar. Click it. You may be asked to add a payment method — this is only needed if you exceed the free tier. A card is required to activate R2, but you will not be charged under normal vault usage.
On the R2 overview page, click Create bucket. Choose a name — something like my-obsidian-vault. The name must be unique within your account and use only lowercase letters, numbers, and hyphens.
Location, storage class — leave everything as-is. Do not enable public access. Click Create bucket to confirm.
The plugin needs a key to read and write files in your bucket. This is separate from your Cloudflare login — it is a dedicated API token scoped only to R2.
On the R2 overview page, click Manage R2 API Tokens (top right). Then click Create API Token.
Set Permissions to Object Read & Write. Under Specify bucket, select the bucket you just created. Leave TTL (expiry) empty for a permanent token.
After creation, Cloudflare shows you three values. Copy them now — you will not be able to retrieve the secret again.
https://<account-id>.r2.cloudflarestorage.comOpen Obsidian → Settings → Community Plugins. If prompted, click Turn on community plugins. This is required once per vault.
Click Browse, search for Secure-Smart-Sync, and click Install. Once installed, click Enable.
Alternatively, download the latest release from GitHub releases and copy main.js, manifest.json, and styles.css into .obsidian/plugins/Secure-Smart-Sync/ manually.
Go to Settings → Secure-Smart-Sync. You will see a settings panel with several sections.
Under the Cloudflare R2 section, enter:
Click Test Connection. You should see Connected successfully. If not, see the Troubleshooting guide.
Under Encryption, enter a password. This encrypts every file before it is uploaded. Do not lose this password — there is no recovery mechanism. If you lose it, your remote files cannot be decrypted.
Leave the method as OpenSSL AES-CBC unless you have a specific reason to change it.
Under Automation, toggle on Smart Sync. This is the recommended mode — it handles everything automatically: syncing after you stop writing, notifying other devices, and catching up when Obsidian reopens.
Click the SSS icon in the left ribbon (the purple S-shaped logo). This triggers a manual sync. You will see a brief notification when it completes. Your vault is now backed up to R2.
You do not need to re-enter credentials manually on every new device. SSS has a built-in pairing system.
Go to Settings → Secure-Smart-Sync → Pair Devices → Generate Code. A 6-digit pairing code appears, valid for 10 minutes.
Install and enable the plugin. In SSS settings, find the Enter Code field and type the pairing code. Click Import Code. Credentials are imported automatically.
Hit Test Connection to confirm, then trigger a manual sync. The new device now shares the same vault.
Check common errors and their fixes in the Troubleshooting guide.
Troubleshoot