Rclone is a command line cloud storage synchronizer that allows you to access and synchronize files between file systems and cloud storage services or between multiple cloud storage services. The Web GUI also provides the latest version, as well as third-party GUIs such as Rclone Browser. This tool supports many cloud storage providers, such as Amazon S3, Box, Dropbox, Google Drive/Photos/Cloud Storage, Mega, Microsoft, OneDrive (for individuals and enterprises), pCloud, Yandex Disk, etc. Applicable to Windows, macOS, Linux and * BSD. This article describes how to use Rclone to encrypt cloud storage files from a remote location (remote is a cloud storage provider configured with Rclone). Suppose you have added some cloud storage providers to the Rclone configuration. If not, please download, install and run Rclone. rclone config , Select New remote Add Google Drive, OneDrive or any other cloud storage supported by Rclone.
For encryption, crypt Rclone remote. Please note that from the beginning, only files copied/synchronized to the encrypted remote control will be encrypted, so you can still upload unencrypted files as before. This also means that files previously uploaded to cloud storage will not be encrypted. Unless you delete a file from cloud storage and store it in a new encrypted remote, it will not be encrypted.
The Rclone crypt option can encrypt files, file names (standard file name encryption or simple file name confusion) and directory names. The file length and modification time are not encrypted.
Also, check out Cryptomator, another cross platform tool for encrypting cloud storage (and other) files.
First, I'll explain how this works, and then show you how to use Rclone to encrypt cloud storage files.
Suppose you have a backup.tar.gz On my computer, upload encrypted files to a folder called OneDrive Backup. For this purpose, Rclone crypt remote( encrypted: )Remote path with encryption set to onedrive:Backups ..
If you copy this backup.tar.gz Archive to encrypted: Will be encrypted and uploaded to the OneDrive backup folder.
rclone copy backup.tar.gz encrypted:
Then file onedrive:Backups Remote folder, this file will appear encrypted.
rclone ls onedrive:Backups 57480 aj7e9bv453dhpfdgskvieqmrtc
If you are listing files encrypted: Remote, I can decrypt and view this file:
rclone ls encrypted: 57432 backup.tar.gz
If you need this file, you can copy it to your computer from the following location: encrypted: Remote (the file is decrypted and copied to my computer, as shown below ~/ This is your home folder):
rclone copy encrypted:backup.tar.gz ~/
So, whenever you want to access this file, encrypted: Remote control via Rclone. On the OneDrive website, this file has been encrypted, and can only be used after being decrypted using Rclone crypt remote (that is, Rclone's cross platform Qt GUI, Rclone browser, encrypted remote files and encrypted files). It supports Rclone configuration files, so you can continue to use encrypted files.
Create an encrypted Rclone remote to store files in the cloud
1. Open the terminal, and then type the following to create a "crypt" Rclone remote server.
rclone config
Then, you will be asked what to do next.
e) Edit existing remote n) New remote d) Delete remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config e/n/d/r/c/s/q> n
get into n Create a new remote control.
2. Next, you will be asked to enter the name of the new remote control I. encrypted name:
name> encrypted
3. Next, you need to select the storage type to configure.
Type of storage to configure. Enter a string value. Press Enter for the default (""). Choose a number from below, or type in your own value .............. 10 / Encrypt/Decrypt a remote "crypt" ........ Storage> crypt
type crypt Create a new encrypted storage type.
4. Next, you need to enter the remote path for encryption/decryption. For example, if you create a remote control called OneDrive onedrive , and the content you want to encrypt Backups Folders in this OneDrive remote control, using onedrive:Backups here:
Remote to encrypt/decrypt. Normally should contain a ':' and a path, eg "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended). Enter a string value. Press Enter for the default (""). remote> onedrive:Backups
All content in the path you enter here will be encrypted, and all external content will not be encrypted.
If you don't know how to call the cloud storage remote server, you can open a terminal and enter it to list all the remote servers configured in Rclone.
rclone listremotes
5. The next step is to choose how to encrypt the file name. You can choose to use standard simple file name confusion or choose not to encrypt the file name. Please note that standard file name encryption will generate longer file names, and some cloud storage providers may limit the length of file names. Select the option that best suits your needs (I selected the following criteria).
How to encrypt the filenames. Enter a string value. Press Enter for the default ("standard"). Choose a number from below, or type in your own value 1 / Encrypt the filenames see the docs for the details. "standard" 2 / Very simple filename obfuscation. "obfuscate" 3 / Don't encrypt the file names. Adds a ".bin" extension only. "off" filename_encryption> standard
6. In the next step, you can also select the encrypted directory name (type true or one ), or ignore (type false or two ):
Option to either encrypt directory names or leave them intact. Enter a boolean value (true or false). Press Enter for the default ("true"). Choose a number from below, or type in your own value 1 / Encrypt directory names. "true" 2 / Don't encrypt directory names, leave them intact. "false" directory_name_encryption> true
7. Next, you will be prompted to enter a password or generate a random password for the encrypted cloud storage file. Please remember the password. The password is stored in the Rclone configuration file (you can encrypt it, as described later), so you don't have to enter the password every time you access the encrypted file, in case you lose the Rclone configuration, you need this password to decrypt your cloud storage file.
My Password( y )In this case, I must enter the password twice.
Password or pass phrase for encryption. y) Yes type in my own password g) Generate random password y/g> y Enter the password: password: Confirm the password: password:
8. Then input salt password (or generate random password) or leave it blank. Rclone uses the second password in combination with scrypt, so it is unrealistic to launch dictionary attacks on Rclone encrypted data. We recommend setting a password to provide full protection.
I enter here g , tell Rclone to generate a random password.
Password or pass phrase for salt. Optional but recommended. Should be different to the previous password. y) Yes type in my own password g) Generate random password n) No leave this optional password blank (default) y/g/n> g
9. Rclone will generate a password and then prompt you to enter the password strength. 1024 is recommended for maximum password strength.
Password strength in bits. 64 is just about memorable 128 is secure 1024 is the maximum Bits> 1024
10. Rclone displays the generated password and asks if you want to use it (type y Or press Enter If the new password is confirmed, enter the key). Please remember the password again. Please save it in a secure place, such as the password manager (Bitwarden is recommended).
Your password is: A-very-long-password-generated-by-rclone Use this password? Please note that an obscured version of this password (and not the password itself) will be stored under your configuration file, so keep this generated password in a safe place. y) Yes (default) n) No y/n> y
Rclone print configuration and ask whether everything is normal Enter To check it:
Remote config -------------------- [encrypted] type = crypt remote = onedrive:Backups filename_encryption = standard directory_name_encryption = true password = *** ENCRYPTED *** password2 = *** ENCRYPTED *** -------------------- y) Yes this is OK (default) e) Edit this remote d) Delete this remote y/e/d>
How to encrypt Rclone configuration files
The Rclone encryption password is stored in the configuration file and is slightly hidden. To protect this, we recommend encrypting the Rclone configuration file.
This is very easy to do through Rclone configuration. Type:
rclone config
It shows the currently configured remote control and some options.
e) Edit existing remote n) New remote d) Delete remote r) Rename remote c) Copy remote s) Set configuration password q) Quit config e/n/d/r/c/s/q> s
type s Press Enter Set the key for the configuration password.
The following screen will appear:
Your configuration is not encrypted. If you add a password, you will protect your login information to cloud services. a) Add Password q) Quit to main menu a/q> a
type a Prompts you to enter the Rclone configuration password.
Enter NEW configuration password: password: Confirm NEW configuration password: password: Password set Your configuration is encrypted. c) Change Password u) Unencrypt configuration q) Quit to main menu c/u/q> q
After entering the new Rclone configuration password twice, type: q Stop.
-->
