# Obsidian Sync Official note synchronization service of [[Obsidian]]. It's a paid service. Currently (end 2024) costs $4 per month. Obsidian Sync works in the background and continuously synchronizes your notes across all connected devices. - It uses end-to-end encryption. Data is encrypted using AES-256 before being synchronized - Files are versioned. You can easily compare versions and go back in time if needed - You can work offline, and synchronization will occur once you come back online ## Headless CLI [[Steph Ango]] (Obsidian CEO) published [obsidian-headless](https://www.npmjs.com/package/obsidian-headless), an npm package that runs Obsidian Sync without a GUI. It connects to your vault on disk and syncs it just like the desktop app would — with the same speed, privacy, customizability, and end-to-end encryption. Install and run: ```bash # Run directly without installing npx obsidian-headless /path/to/vault # Or install globally npm install --global obsidian-headless obsidian-headless /path/to/vault ``` ### Sync modes - **Bidirectional** (default) — pushes and pulls changes in both directions - **Pull-only** (`--pull-only`) — only downloads from remote, ignores local changes - **Mirror-remote** (`--mirror-remote`) — only downloads from remote, reverts any local changes ### Use cases - Automate remote backups - Automate publishing a website - Give agentic tools access to a vault without access to your full computer - Sync a shared team vault to a server that feeds other tools - Run scheduled automations (e.g. aggregate daily notes into weekly summaries, auto-tag, etc.) ## Security Obsidian Sync has been independently audited by [Cure53](https://cure53.de/) (October 2024) and [Trail of Bits](https://www.trailofbits.com/) (December 2025). Both audits covered the API, server, and cryptography. All findings were addressed via remediations validated by the auditors, and a small number of accepted trade-offs (e.g. deterministic file-hash encryption for deduplication, server-readable path-to-content mapping for routing) are now documented on the [Sync security page](https://obsidian.md/help/sync/security). The audits also validated the August 2025 encryption upgrade shipped with Obsidian 1.9.11. ## References - Official Website: https://obsidian.md/sync - obsidian-headless npm package: https://www.npmjs.com/package/obsidian-headless - Obsidian Security page: https://obsidian.md/security - Cure53 Obsidian Sync audit (2024) — [summary](https://obsidian.md/files/security/2024-Obsidian-Cure53-Sync-Audit-Summary.pdf) and [full report](https://obsidian.md/files/security/2024-Obsidian-Cure53-Sync-Audit-Full.pdf) - Trail of Bits Obsidian Sync audit (2025) — [full report](https://raw.githubusercontent.com/trailofbits/publications/refs/heads/master/reviews/2025.12-obsidiansync-securityreview.pdf) - Announcement blog post: https://obsidian.md/blog/cure53-tob-sync-audits/