Can I use rclone with a key instead of cloud storage logon?

normangl · August 8, 2019, 10:15am

What is the problem you are having with rclone?

I'm hoping to use rclone on a CI server machine which automatically builds projects in our develop branch, then produces an .ipa application file with screenshots and then posts the output to cloud storage.
Can I run 'rclone configure' with a key instead of someone having to login to their personal cloud storage account on the CI machine? This is because CI servers don't run in an individuals account.
Can I login on my own computer first to get the secure key for rclone and then use the same key on the CI server without needing to login to my personal cloud drive on the CI server?
We just need a key for rclone to be able to securely copy application files & screenshots to a shared cloud drive.

What is your rclone version (output from `rclone version`)

rclone v1.48.0

os/arch: darwin/amd64
go version: go1.12.6

Which OS you are using and how many bits (eg Windows 7, 64 bit)

Mac OSx Mojave v10.14.4
64-bit

Which cloud storage system are you using? (eg Google Drive)

Google Drive
OneDrive

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone copy /googleDrive:ProjectName/GitHubJobID

A log from the command with the `-vv` flag (eg output from `rclone -vv copy /tmp remote:tmp`)

ncw · August 8, 2019, 10:20am

You can use a service account on Google drive for this, however...

This method is probably easier. Configure rclone how you want on your local machine then copy the config file to the CI server.

You can encrypt the config file and set RCLONE_CONFIG_PASS in the secrets. This is exactly what I do for the rclone CI and is how the rclone binaries get deployed.

normangl · August 8, 2019, 10:40am

Thanks for your prompt response.
Sounds promising.
How do I get a copy of the config file from my machine?

Is there a time limit on rclone keys, so that my server can continue running rclone forever?
Also, can the same encrypted config file be deployed onto multiple CI servers in months or even years down the road, as our team and number of CI servers expands?

I trust rclone can give access to only a single shared folder on the Google Drive and will not be able to delete anything other than copying data?

ncw · August 8, 2019, 10:48am

You'll find the config at rclone config file

With google drive it contains a refresh key which will keep working indefinitely. If you don't use the refresh key for some large period of time then it will expire but for drive this is very long (a year maybe?). Some providers like box it is a bit shorter like a month. However if you keep using the config it should keep working.

If you are using drive/onedrive you should allow rclone to modify the config and save the modified version if possible. If you don't do that then the refresh token will expire eventually.

Using a service account might be preferable as these don't expire and you won't need to save the modified config.

Sure.

That depends on exactly how you set up the oauth. These are the options with drive

Choose a number from below, or type in your own value
 1 / Full access all files, excluding Application Data Folder.
   \ "drive"
 2 / Read-only access to file metadata and file contents.
   \ "drive.readonly"
   / Access to files created by rclone only.
 3 | These are visible in the drive website.
   | File authorization is revoked when the user deauthorizes the app.
   \ "drive.file"
   / Allows read and write access to the Application Data folder.
 4 | This is not visible in the drive website.
   \ "drive.appfolder"
   / Allows read-only access to file metadata but
 5 | does not allow any access to read or download file content.
   \ "drive.metadata.readonly"

You probably want drive.file here.

You can limit rclone to a single folder by using the root_folder_id in the config.