What is the problem you are having with rclone?
Hi! I am a technical artist and I've been asked to deploy rClone to mount our GCS bucket. I've been messing around with the tool to figure out the nuts and bolts of it. I've been handed a client ID and Secret and have mounted the drive successfully but since I will have to deploy it around 50-60 times to other devices I figured I would just pack up the config with the software and plop it right to colleagues computers and just generate a new token for them afterwards and create a task in windows to execute a .cmd on login.
The issue is that the rclone config file stores the values in plain text. Okay - config password it is.
Except this will now require the password to mount the share. The problem is that I'd be stored as plain text in the batch file.
Here is the proper question then - is there an option to either set a different password for accessing the config and a different one for mounting? Have I missed something in the crypt documentation?
I guess my secondary idea would be to obfuscate the .cmd file with something like bat2exe or write a Python program and build it with pyinstaller?
I am sorry if I somehow missed an obvious answer here, I've been googling the topic for a FEW hours and further reading only stirs more confusion into me.
that is what i do, in addition, use upx to compress/scramble the .exe.
so the hacker would have to know upx was used, unpack the exe. and de-compile the .exe created by pyinstaller.
also, a cheap trick is to hide the password in a crypted state in the registry, not inside the .exe.
i do not use a rclone config file at all, the config is generated on the fly.
using a simple client/server model, whereby, the server creates, on the fly, a temporary session token that expires.
and that is what the client uses.
tho i use S3, the concept is the same, to lock down the bucket/folder with polices.
and write a script using rclone config create, to create a unique client_id per client machine.
I will have to look at automating rclone with Python, which could potentially save me tons of time per deployment AND help me make things server. Also cheers on the advice about UPX! This could be a game-changer for me!
Do you perhaps have an example of how to create a config file with Py?
i am not 100% sure about GCS credentials security when it comes to how it is set up and since I am not entirely confident I just want to be more safe than sorry
if you are going to script rclone and create remotes on the fly.
use service accounts
you can use IAM user/bucket polices to lock down. for example do end-users needs to delete files.
--- if not, remove that permission.
--- run rclone mount with --read-only