Obsidian vs Filarr: Encrypted Notes Head-to-Head (2026)

Q: What is Obsidian, and what is Filarr?

Obsidian is a note-taking app built on top of plain Markdown files stored on your local disk. Founded in 2020 by Erica Xu and Shida Li (Dynalist team), it shipped its 1.0 in late 2022 and now has well over a million users. The core editor is closed source — only the markdown vault format is open. The app is free for personal use; commercial use requires a $50/user/year license. Plugins (community and official) let you transform Obsidian into nearly anything: a database, a kanban board, a calendar, an RSS reader.

Quick Answer. Obsidian and Filarr are both local-first note-taking apps. Obsidian wins on plugin ecosystem, mobile apps, community size, and maturity (since 2020). Filarr wins on native AES-256-GCM encryption, per-file key isolation, multi-profile workspaces, and combining files with notes in one app. Obsidian is proprietary; Filarr's desktop client is open source under BSL 1.1.

Obsidian is the dominant local-first note-taking app in 2026 — a massive plugin ecosystem, a polished cross-platform editor, a community in the hundreds of thousands. Filarr is newer, smaller, and built around a different priority: cryptographic security baked into the architecture rather than added by plugin.

Both apps are local-first. Both store your data in a way that survives the developer. They make different trade-offs about everything else.

This article goes through those trade-offs honestly. Where Obsidian wins, it wins. Where Filarr wins, it wins. The goal is to help you pick correctly.

What is Obsidian, and what is Filarr?

Obsidian is a note-taking app built on top of plain Markdown files stored on your local disk. Founded in 2020 by Erica Xu and Shida Li (Dynalist team), it shipped its 1.0 in late 2022 and now has well over a million users. The core editor is closed source — only the markdown vault format is open. The app is free for personal use; commercial use requires a $50/user/year license. Plugins (community and official) let you transform Obsidian into nearly anything: a database, a kanban board, a calendar, an RSS reader.

Filarr is an encrypted workspace combining notes, files, a knowledge graph, and a canvas. It launched in 2024, built by an indie developer in France. The desktop client is open source under Business Source License 1.1 (BSL 1.1), automatically converting to Apache 2.0 on April 19, 2030. Filarr's defining choice: every file on disk is encrypted with AES-256-GCM by default, with a per-file key architecture. There's no plugin marketplace; the trade-off is intentional.

Both apps satisfy most of the seven properties of local-first software. Both run fully offline. Both leave your data usable even if the company shuts down.

How does each handle encryption?

This is the most consequential difference.

Obsidian does not encrypt your notes by default. Your vault is plain Markdown on disk — readable by any process with file access, by backup tools, by malware, by anyone with access to your machine while it's unlocked. To get encryption with Obsidian, you have three options:

Obsidian Sync (paid official service) provides end-to-end encrypted cloud sync with AES-256. But this only protects data in transit and at rest on Obsidian's servers — the local vault is still plaintext.
Disk-level encryption (BitLocker, FileVault, LUKS) protects the vault when your machine is powered off, but not while it's running.
Community plugins like Mara Cryption or Plugin Encryption Suite add encryption for specific notes, but they sit outside the editor's core and depend on individual plugin maintainers.

Filarr encrypts everything by default with AES-256-GCM at the file level. Each file gets a unique File Encryption Key (FEK), wrapped by a Key Encryption Key (KEK) derived from your password through PBKDF2-SHA-512 (600,000 iterations) plus Argon2id (64 MiB memory, 3 iterations, 4 parallelism). The KEK never leaves your machine in plaintext. Even with full filesystem access, an attacker sees only opaque ciphertext.

This isn't a feature you enable — it's the format. There's no "decrypted" state on disk; files are decrypted in memory only when you open them, with secure wiping afterward. See Filarr's full security architecture for the threat model and audit details.

If your threat model includes device theft, shared computers, untrusted backups, or "someone else might gain file system access" — Filarr's default encryption is a meaningful difference.

How does each handle sync?

Both apps treat sync as optional. Neither requires a cloud account to function locally.

Obsidian offers three sync options:

Obsidian Sync ($5/month standard, $10/month Plus): the official end-to-end encrypted cloud service. Best UX, fastest setup. Up to 100 GB on Plus.
Bring-your-own-cloud: drop your vault into iCloud, Dropbox, Google Drive, or any folder sync tool. Free, but encryption depends on the cloud provider (none if you use Google Drive).
Self-hosted alternatives: Syncthing, rsync, Git. Free, requires setup.

The vault format being plain Markdown is what makes the bring-your-own approach work — you can sync the folder anywhere.

Filarr offers two sync options:

Filarr Cloud Sync (€4/month Solo, €8/month Pro): zero-knowledge cloud sync via Cloudflare R2 in Europe. The server stores only opaque encrypted blobs; multi-device pairing happens through an ECDH P-256 protocol where keys are exchanged between your devices without the server seeing them. See zero-knowledge encryption explained.
Local-only: no sync, fully self-contained on one device.

Filarr does not currently support self-hosted sync or bring-your-own-cloud. The encrypted file format isn't a folder of standard files — it's a structured encrypted vault — which makes generic folder sync impractical. This is a real limitation compared to Obsidian.

What does Obsidian do better than Filarr?

Honest list — these are areas where Obsidian is genuinely ahead in 2026.

Plugin ecosystem. Over 1,500 community plugins. Dataview, Excalidraw, Kanban, Calendar, Tasks, Templater, QuickAdd — entire workflows depend on these. Filarr has none.
Mobile apps. Native iOS and Android, fully functional, with Obsidian Sync. Filarr is desktop-only as of 2026.
Community. Forums, Discord, YouTube tutorials, blogs, conferences. If you're stuck, someone has already solved it. Filarr's community is small.
Themes and customization. Hundreds of community themes, CSS snippets, full visual customization. Filarr ships with one theme.
Maturity. Five years of polish on the editor, the file watcher, the search index. Filarr is younger; some edges are still being smoothed.
Plain Markdown format. Your vault is a folder of .md files. Read it in any editor. Migrate to anything else with no friction. Filarr's format is encrypted and Filarr-specific — exportable but not directly readable.
Free tier. Free for personal use forever. Filarr's free tier is also generous, but Obsidian's commercial-use $50 license is more permissive than BSL for some self-hosted SaaS use cases.

What does Filarr do better than Obsidian?

Equally honest. These are areas where Filarr genuinely leads.

Native encryption. AES-256-GCM, KEK/FEK per-file architecture, not a plugin. The encryption is the format.
Per-file key isolation. A compromise of one file's key exposes only that file, not the entire vault. With Obsidian, all your Markdown is equally accessible.
Multi-profile isolation. Each profile in Filarr has its own KEK. Profile A cannot decrypt Profile B's files, even on the same machine. You can keep one profile for personal use, one for clients, one for sensitive research — cryptographically separated. Obsidian uses "vaults" which are just separate folders, with no encryption boundary.
Files alongside notes. Filarr is a workspace: PDFs, images, video, audio, code files live in the same encrypted store as your notes. The knowledge graph connects files, folders, and notes in one view. With Obsidian, files are second-class — they sit in folders next to your Markdown, but the editor only natively understands Markdown.
Zero-knowledge cloud sync. Obsidian Sync is E2EE, but Obsidian (the company) handles your encryption keys server-side during sync exchange. Filarr's sync uses ECDH P-256 pairing so keys are exchanged client-to-client through an opaque server. The difference matters under "service compromise" threat models.
Open-source desktop client. Obsidian's app is proprietary closed-source — you cannot audit the editor or the sync client. Filarr's desktop client is published under BSL 1.1 and converts to Apache 2.0 in 2030. See why Filarr chose BSL 1.1.
Integrated canvas, drawings, flashcards, daily notes. Out of the box, no plugin chain to assemble.

How do the prices compare?

Pricing as of writing (May 2026 — verify on each vendor's pricing page).

Feature	Obsidian	Filarr
Local use, personal	Free	Free
Commercial license	$50/user/year	Included in Solo/Pro
Cloud sync — entry tier	$5/month (Obsidian Sync)	€4/month (Solo, 10 GB)
Cloud sync — top tier	$10/month (Sync Plus, 100 GB)	€8/month (Pro, 50 GB)
Free trial of sync	None	30 days, 1 GB
Publish (public site)	$10/month	Not offered

Filarr's sync is cheaper at entry but caps lower on storage. Obsidian charges separately for commercial use; Filarr's Solo/Pro plans cover commercial use without extra licensing. For someone evaluating cost alone, neither is dramatically cheaper — both are well below Notion or Google Workspace.

Which one should you choose?

The decision tree, based on what matters most to you.

Pick Obsidian if:

You want a massive plugin ecosystem and you're going to customize heavily
You need mobile apps today (iOS, Android)
You need plain Markdown for long-term portability and tool-chain compatibility
You don't need native encryption — your threat model is satisfied by disk encryption or BitLocker
You want years of community resources, themes, and tutorials

Pick Filarr if:

You handle sensitive data — legal, medical, journalistic, research — and want encryption that doesn't depend on plugins or disk-level tools
You want files (PDFs, images, video) and notes in the same encrypted workspace
You need cryptographic isolation between profiles (one per client, one personal, etc.)
You want zero-knowledge cloud sync where the server cannot decrypt anything, even under subpoena
You prefer an auditable, eventually-Apache-2.0 desktop client over a closed-source app

It's also fine to use both. Obsidian for your public-ish, plugin-heavy notes; Filarr for the sensitive vault. They don't conflict — they target different ends of the spectrum.