Do I still need Cryptomator while `rclone crypt` already exists?

wawan-ikhwan · June 8, 2025, 7:43pm

So basically I mount remote storage where the files that sit on remote must be encrypted. So, unauthorized entities only see .c9r format (Cryptomator encrypted file) in the remote side.

I heard that Rclone turns out already provide rclone crypt?

Is it what I expected? Which is when I move a file from local to the mounted folder (remote), the file will be encrypted? And when I move the file from mounted folder to local, it will decrypted automatically?

So, if I list the directory where it's mounted, it will shows up as plain file. While in the remote side, e.g. Google Drive directory list in web app, shows encrypted file.

If the rclone already provide it, why do I still need cryptomator?

asdffdsa · June 8, 2025, 7:49pm

with rclone, there are two modes to access the files.

mounting the crypted files, same as with cryptomator. rclone mount crypted_remote: ~/mount
direct operations on the crypted files. without the overhead, complexity of mounting.

rclone copy file.ext crypted_remote:
rclone copy crypted_remote:file.ext file.ext
rclone ls crypted_remote:

correct

wawan-ikhwan · June 8, 2025, 8:23pm

So, I don't need cryptomator right?

Avraham_Adler · June 8, 2025, 8:39pm

Correct, you do not need it. You can create a remote, and then create an encrypted folder/bucket on that remote, and store your passwords (and salts for that matter) in your rclone.conf, in which they are hashed. Then, when you run sync/copy, it's "seamless" from your perspective, other than the extra overhead of encrypting the files on your end. But don't lose your password/salt, because all the remote sees is the encrypted blob.

Edit

Look at my configure here: You see I have crypt buckets. Those are naturally encrypted. I even have one which encrypts and then compresses.