As this was a very simple & limited protection, user/password are now only used by sync (see File > Database Properties) before importing databases on other devices. Encrypted databases are much more secure and recommended now.
You could either create a new encrypted database and move everything from the old database into the new one. Or you could create an encrypted sparse image (see /Applications/Utilities/Disk Utility.app), copy the *.dtBase2 database to the volume, unmount the volume and change the extension to .dtSparse.
As sparse images require only the necessary disk space, it’s recommended to use a generous maximum size.
I created an encrypted database, but it simply opens into DT3 when double clicked, or when in DT3 already it will open from the recent menu. Do I have to use disk utility to create a disk image to have some password protection?
I created a related issue some time ago where we talked about DEVONthink 3 opening databases without asking a password.
After this post, I tried to create a new “sparse bundle” database with the Disk Utility technique, just two days ago and right before this post. The thing still happens on my Mac; DEVONthink 3 open the encrypted database without asking any password. It can’t be that I’ve made some mistake of not encrypting the database in the first place, or saving it to the Keychain Access all over again - I’m pretty careful with things like this. And I checked from the Keychain Access that I haven’t stored the newly created password there. Yet DEVONthink 3 keeps opening the new database without asking any password. It does this even if I close DEVONthink 3 app. Only after a reboot it asks for the new password. The mount appears and disappears in /Volumes/. I don’t understand how the DEVONthink 3 can mount and unmount the encrypted volume without asking for the specific password for the volume. It’s encrypted with the Mac File Utility, it disappears from the Finder and /Volumes. Yet DEVONthink 3 can open it without a password, even after restart of the Application, unlike other applications. Please explain.
Thanks for the info! Which version of macOS do you use? We’ve received few reports that on some systems it could sometimes happen that macOS does not fully eject the sparse image of the encrypted database (even though it disappears in the Finder and macOS claims that the operation was successful). Afterwards opening the encrypted database doesn’t require a password. Does it work as expected after rebooting the machine? Or only ask once for the password?
It was Mojave 10.14.6 but I’m gonna update to Catalina. I also got some new data about its behaviour, see below about renaming it back to *.sparsebundle.
When I rename it to .dbSparse and open it with DEVONthink 3
It asks the password for one time
It mounts in /Volumes/ but does not show in Finder Locations
Closing the database removes it from /Volumes
Doesn’t ask for the password after this when opening it again
When I close DEVONthink and rename the database back to *.sparsebundle and try to open it with Finder it says: “The following disk images couldn’t be opened. Db.sparsebundle. no mountable file systems”
When I restart Mac, rename the database back to *.sparsebundle and open it with Finder
It asks for the password
It mounts in Finder and /Volumes
It asks the password again after waiting for a short while (like 10 seconds; it seemed to reopen it without asking a password if reopened immediately)
Then when I move it back to Db.dtSparse and open it with DEVONthink
It asks for the password when opening it for the first time after boot
Then again it’s not asking for the password, etc until the next reboot
This seems to be exactly the mentioned issue. Before upgrading to Catalina I would definitely recommend a good backup strategy, by the way. It’s the buggiest release in recent years, especially iCloud.
Thanks for the tip re Cataline. I have a recent bootable backup on USB drive, and also a full system cloud backup, but I’ll run update for the USB drive backup before trying to upgrade to Catalina. In addition my DEVONthink sync stores and indexed folders reside in Dropbox. I just tried to parse, understand and then Google translate that one German thread regarding Catalina.
I noticed one more thing that’s probably relevant thing to this issue. After I mount the database with DEVONthink, then it shows in Disk Utility under “Disk Images”. When I close the database in DEVONthink, it stays grayed out in Disk Utility in the state “Not Mounted”. There’s an option to “Eject” it, but it doesn’t seem to do anything. Again, it’s not showing in Finder Locations at all when opened or closed, but shows in Disk Utility either in “mounted” or “not mounted” state, but never fully ejected.
It’s also an APFS volume, though I’m not sure if it makes a difference.
Did you create the sparse image on your own? Because HFS+ with Journaling should be used by File > New Encrypted Database… so that the sparse images are compatible to all supported macOS releases (10.11-10.15). Maybe that’s also the reason for the troubles.
Yes, I created the sparse bundle image on my own because DEVONthink doesn’t have an option for that, with the method you stated earlier. My Mac is on APFS too, so it shouldn’t be a problem about it not being compatible. But HFS+ might work better. I’ll report later on, since now, after about five hours it seems like I’m able to install Catalina finally. I had to actually run Disk Utility “repair” to get Catalina installed, otherwise it would whine about it being corrupted or whatever after 40 minutes of download, then start downloading it again.
This seems pretty close to my issue. I installed Catalina and the APFS image still didn’t eject properly, though now it was possible to eject it with Disk Utility.
Then I created an encrypted sparse bundle image in the format “MacOS Extended (Journaled)” and renamed it to *.dtSparse. Guess what - it works like expected! So it seems that at least for me the APFS sparse bundle images don’t eject properly. HFS+ works without issues.
Also, Blanc, I read your post a bit more thoroughly, and albeit the issue seems similar in nature, there are certain differences. You had the *.sparsebundle image with many DEVONthink databases in it. I had a similar setup earlier, or actually have right now, but I’d like to simplify things by using the DEVONthink 3 feature that automatically opens and closes an encrypted image with one DEVONthink 3 database in it. There are some other differences in what you saw compared to me.
DEVONthink 3 has a direct option to create such a database, but I don’t like it because it creates a “block” database which reserves all the space allocated to it, and it also causes for instance backup services to backup it all after the tiniest change. I was informed by the DEVONthink staff that you can create the sparse bundle image manually, with the technique mentioned earlier in this thread. This requires you to rename the .sparsebundle to .dvSparse, and you can only have one database inside. It is for this situation where, at least for me, APFS images don’t work very well, except once after reboot, but HFS+ works like it should.
But both of our issues might well be related to APFS filesystem issues.
Thanks Blanc. The DEVONthink 3 encrypted databases are kind of nice because they’re actually standard Apple images with a single DEVONthink database inside, so I don’t have to trust in DEVONthink creating the encryption technique. I know I can access the database in future even if I don’t have DEVONthink, as it is using the basic Apple infrastructure underneath.
I also have several DEVONthink databases inside one sparse bundle image, but I’m right now moving them into separate encrypted databases. It’s a bit of manual work to get it work this way, but I think it’s worth it, at least for me.
Here’s what I do:
First create a sparse bundle image with Disk Utility. Space can be generous since it’s a sparse bundle image. Format needs to be MacOS extended journaling instead of APFS. Encryption 256 AES. Image format: Sparse bundle disk image, not sparse disk image.
Save it with the name of the database you need to create. Mount the volume. Move one DEVONthink database inside the mounted volume. Close the mounted volume, then rename it to database-name.dtSparse.
There can be only one database inside one .dtSparse image/database, but I think it’s good at least for me. You can open just one topic, client, etc at the time you work on it instead of revealing them all.
There’s also one thing to keep in mind when using sparse bundle images. It takes up space in bands that take some MBs but there’s no automatic mechanism to clean up those bands. If you for instance put ten movies in an empty database and them delete them, it still takes the amount that was reserved for the movies. New files can reuse those bands, but they won’t be freed if there’s no need for them anymore.
You can use command hdiutil compact db.dtSparse to reclaim unused bands.