Mountain Duck 1.7

Mountain Duck 1.7 is now available with a focus on fixes for stability and performance improvements by an improved connection management. On Windows, the user interface is completely rewritten based on the Windows Presentation Foundation.

Mountain Duck 2.0 coming this spring will support transparent client-side encryption using Cryptomator interoperable vaults to secure your data on any server or cloud storage mounted.


We are thrilled to announce the availability of transparent, client-side encryption support for Cyberduck to secure your data on any server or cloud storage. The new encryption feature is based on the excellent concepts and work of Cryptomator. Cryptomator also offers apps for iOS and Android to access your encrypted data. All vaults either created by Cyberduck, Cryptomator or their mobile apps are fully interoperable.

Compared to other client-side encryption solutions on the market, ​the Cryptomator security architecture has many crucial advantages:

  • Open source software that can be audited independently for security. You can rest assured there are no backdoors and no hidden vulnerabilities.
  • In addition to file content encryption, file and directory names are encrypted, directory structures are obfuscated.
  • Other than disk encryption utilities, each file is encrypted for its own.
  • No online service subscription or account required. You will always have access to your data without the risk of a dependent service shutting down.

Starting to secure your data is as easy as creating a new Cryptomator Vault by selecting New Encrypted Vault and providing a passphrase. As soon as you try to open a folder containing a vault Cyberduck will prompt for the passphrase to unlock it. Inside a unlocked vault you can work as you are used to with Cyberduck. Uploads and downloads are transparently encrypted and decrypted respectively with no change in your usual workflow required. You can have encrypted vaults and non-encrypted folders reside along on your storage location.

Encrypted folder contents

Encrypted folder contents

Unlock Vault

Unlock Vault

Decrypted Folder Contents

Decrypted Folder Contents


You can find our full documentation in the wiki.

A  beta version is available for testing. You either download it directly for macOS and Windows or you switch to beta updates in your Cyberduck Preferences. Give it a try and let us know what you like and what you think – curious about your feedback! Support in Mountain Duck will follow later this month that will allow you to open Cryptomator Vaults in Finder and Windows Explorer.

Please note that this is beta software. For now, please use the Cryptomator Vault feature only with data you have a backup available.

Tabs Everywhere

If you have installed macOS Sierra, you can now use tabbed windows in Cyberduck 5.2 or later. You might want to enable tabs by default when choosing File → New Browser by selecting in System Preferences the checkbox Dock → Prefer tabs when opening documents: Always. New browser windows and the transfer window will then be displayed in a single window frame with a tab bar. You will also new menu items View → Show Tab Bar and Window → Merge all Windows.


Refer also to Use tabs with apps on your Mac.

S3 Transfer Acceleration

Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path. In general, the farther away you are from an Amazon S3 region, the higher the speed improvement (up to 300% faster) you can expect from using Amazon S3 Transfer Acceleration.

Cyberduck 5.2 and Mountain Duck 1.6 now uses the accelerate endpoints for file transfers to S3 when enabled for the bucket. Refer to the wiki for more information.


Deep Storage

Support for Spectra BlackPearl Deep Storage Gateway (Spectra S3) is available with Cyberduck 5, allowing users to move data to tape library storage managed by Spectra S3 interface fast using multiple connections achieving 1000MB/s with a 10GbE network link.

10GbE Transfer

Refer to the wiki for usage instructions.

Spectra Logic Solidifies Hybrid Cloud Offering with Cyberduck Integration

Spectra BlackPearl integration with Cyberduck open source tool enables unlimited choice in public cloud storage and private cloud local storage in one platform

BOULDER, Colo.—July 20, 2016— Spectra Logic, the deep storage experts, today announced the certification of the Cyberduck open source client software tool with its BlackPearl™ Deep Storage Gateway. The Cyberduck universal file and object storage management tool combined with Spectra® BlackPearl enables fast file transfers between primary storage, local tape and disk-based private clouds, or to any public cloud provider.

The integration of Cyberduck as a certified BlackPearl client gives users the power of direct drag-and-drop data moves between BlackPearl objects that reside on Spectra’s ArcticBlue™ disk or tape libraries, and multiple online cloud object stores. Using Spectra’s private cloud ecosystem means that infrequently accessed data can be archived to disk or tape for pennies per gigabyte, reducing the storage and recall fees associated with a pure public cloud strategy, now with a simplified and familiar Cyberduck interface.

Cyberduck integration provides the ability to seamlessly and simply move data between previously disparate storage platforms including local file systems, remote FTP systems, and a host of public cloud storage, including Amazon S3, Amazon Glacier, Google Cloud Storage and Drive, Microsoft Azure, Rackspace Cloudfiles and iRODS. Each system can be loaded in its own Cyberduck window and data moved between any of them.

“Cyberduck provides a wonderful interface to remote files using standard and cloud API protocols,” said beta user, Mike Warfe, Assistant Director, University Technology, [U] Tech, Research Computing and Cyberinfrastructure, Case Western Reserve University. “The integration with the Spectra Logic BlackPearl has enabled our researchers at Case Western Reserve University to have an additional option for storing their data on-premise, instead of the public cloud. This provides value through leveraging our campus bandwidth, and the university’s cyber infrastructure.”

The new Cyberduck BlackPearl integration simplifies data management. BlackPearl uses internal management policies for different storage devices, enabling the system to write data intelligently to different tape libraries, tape partitions, and nearline and online disk. This management feature, called Advanced Bucket Management (ABM), allows BlackPearl to control where and how data is written.

Cyberduck version 5.0 is a standalone application for both PC and MAC platforms and can be downloaded directly from the Cyberduck website or Spectra Logic’s Developer page and is free for Spectra customers.

“End users turn to the cloud to capture a backup copy for disaster recovery, or to create genetic diversity in their backup environment where multiple copies of data are preserved on different mediums in separate locations,” said Matt Starr, Spectra Logic’s CTO. “The Cyberduck integration gives customers the ability to move files quickly to a deep storage platform with a tool they are already familiar with, creating a flexible and powerful cloud strategy.”

Learn more about Spectra Logic’s Cyberduck client integration offering in our joint solution brief and video.

More options for Server Side Encryption in S3

Server side encryption (SSE) for stored files is supported and can be enabled by default for all uploads in the S3 preferences or for individual files in the File → Info (⌘-I) → S3. AWS handles key management and key protection for you. Cyberduck previously supported server-side encryption using SSE-S3 where files are encrypted with a default key managed by S3 using AES-256.

Cyberduck 5.0 and later now supports the use of private keys used for servers-side encryption of files uploaded to S3 managed in AWS Key Management Service (KMS). The dropdown list in the Info panel allows to choose from all private keys managed in AWS Key Management Service (KMS). This requires the kms:ListKeys and kms:ListKeys permission for the AWS credentials used to connect to S3.

AWS SSE-KMS Private Key Selection

You can give it a try in the latest snapshot build.