I am trying to install rclone as a desktop application into a user's PC ( rclone mount ) and I don't want to store the access_key_id and secret_access_key in the rclone.conf file in the end user's PC (as this is a security concern). Is there another alternative where I can use rclone mount without providing access_key_id and secret_access_key .
My work around:
- Server side: Expose a new REST api which returns AWS S3 signature (V4 signature).
- In rclone.conf add v2_auth = true
- Modify backend/s3/v2sign.go (the sign method) and set the signature headers.
req.Header.Set("X-Amz-Content-Sha256", "value returned from server") req.Header.Set("X-Amz-Date", "value returned from server") req.Header.Set("Authorization", "value returned from server")
But the problem here is that , for every GET , HEAD , LIST, PUT and DELETE etc I need to call the new REST API and get the signature which is an overkill.
Is there a secure way to make rclone mount work without providing access_key_id and secret_access_key . Thanks.