Encrypted sync from commandline

Help and Support
1

What is the problem you are having with rclone?

I have trouble finding the right combination of commands and flags to perform the following task (if possible at all) . Yes I read all suggested posts.

  • use in batchfile
  • do not use config file, all should be on the fly
  • the source is unencrypted
  • the destination is crypted
  • the password should be given as parameter

sync c:\source to d:\destinationcrypted using password XYZ

Background :
I want to run a batchfile from a USB drive that quickly syncs a local folder encrypted to the USB drive, but will ask for a password ( via SET /p, or better, interactively asked for by rclone) .

Run the command 'rclone version' and share the full output of the command.

rclone v1.64.0

  • os/version: Microsoft Windows 10 Pro 22H2 (64 bit)
  • os/kernel: 10.0.19045.3448 (x86_64)
  • os/type: windows
  • os/arch: amd64
  • go/version: go1.21.1
  • go/linking: static
  • go/tags: cmount

Which cloud storage system are you using? (eg Google Drive)

none, local FS

The command you were trying to run (eg rclone copy /tmp remote:tmp)

I could imagine ( example only) :

rclone sync --crypt-password ABCDE c:\source c:\destinationcrypted

Alternatives looked at : use rclone config create/update/delete but this would still create a config file.
Fallback : stick with config file, and update path and crypt password using rclone config update

Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.

no config file

A log from the command that you were trying to run with the -vv flag

n.a.
1 Like
2

welcome to the forum,

no need for config file, can create an on-the-fly remote,
using connection strings, using environment variables, or using flags.
many, many examples in the forum,

on windows

set RCLONE_CONFIG_CRYPT_TYPE=crypt
set RCLONE_CONFIG_CRYPT_REMOTE=remote:path
set RCLONE_CONFIG_CRYPT_PASSWORD=cutxGrFvkwZGaAxhwt_lVsLCdFUkpTgz
set RCLONE_CONFIG_CRYPT_PASSWORD2=vxJ3MRqZgw_4DPq
rclone ls crypt:

on linux

export RCLONE_CONFIG_CRYPT_TYPE=crypt
export RCLONE_CONFIG_CRYPT_REMOTE=remote:path
export RCLONE_CONFIG_CRYPT_PASSWORD=cutxGrFvkwZGaAxhwt_lVsLCdFUkpTgz
export RCLONE_CONFIG_CRYPT_PASSWORD2=vxJ3MRqZgw_4DPq
rclone ls crypt:
2 Likes
3

Thank you, this is what I was looking for.

For those reading along that would be
export RCLONE_CONFIG_CRYPT_TYPE=crypt etc for Windows.

Really I could not find that searching for environmental variables

1 Like
4

welcome

i re-edited my initial post, to include examples for both windows and linux

yeah, good point. now, i realize the examples are hard to find, as you need to know to search for
RCLONE_CONFIG_
and then would find another example.
https://forum.rclone.org/t/s3-source-destination-named-profile/17417/6

5

Now I only have one problem left : If I ask for a plaintext password to be typed in, how do I get it encoded to match the output of the regular rclone config?

For example : plaintext password = abcde

then i should set the environment variable to the crypted password
RCLONE_CONFIG_CRYPT_PASSWORD=cutxGrFvkwZGaAxhwt_lVsLCdFUkpTgz

As far as I can see there is no backend command that does this, correct?

Reading Crypt I doubt it is possible at all what I want. My scenario should be portable, with no config stored on the USB disk.

  • Plugin your USB disk
  • Start batchfile
  • Enter password/salt in plaintext
  • Local FS is available as crypted remote.
  • Start syncing or whatever.
6

https://rclone.org/crypt/#crypt-password

7

So I do understand i need to obscure the plaintext
rclone obscure MYPASSWORD

But really I do not understand why I would need to apply the --crypt-password flag since obscure already crypts it, as from manual :
Obscuring them is done by encrypting them and writing them out in base64.

So I would expect : Get plaintext password -> obscure -> set as environment variable

Any subsequent rclone commands on the crypted remote would be ok since the env.var. is set.

So I would not need to apply the --crypt-password option, correct?

Or am I missing a conceptual step here.

8

correct, so now should do some testing...

9

Ok here we go (for windows)

TLDR : insert usb drive, run script, provide password, and do your rclone copy stuff

This file is init.cmd , it will

  • ask for a password
  • create a remote usbcrypt77: on folder x:\RCLONEBACK where x is the drive the script started from
  • in order to keep the command window open, you should wrap it in lauchrclone.cmd (see bottom)
@echo off

:: Ask for a password
set /p PASSW=Enter password:
cls

set RCLONE_USBCRYP_NAME=usbcrypt77

:: Get the current drive for mapping the remote
set CURRENT_DRIVE=%CD:~0,2%

:: Check if the RCLONEBACK directory exists
IF EXIST "%CURRENT_DRIVE%\RCLONEBACK" (
    echo Directory RCLONEBACK exists.
) ELSE (
    echo Directory RCLONEBACK does not exist, creating
    mkdir %CURRENT_DRIVE%\RCLONEBACK
)

:: clear if any
set RCLONE_CONFIG_%RCLONE_USBCRYP_NAME%_TYPE=
set RCLONE_CONFIG_%RCLONE_USBCRYP_NAME%_REMOTE=
set RCLONE_CONFIG_%RCLONE_USBCRYP_NAME%_PASSWORD=
:: salt
::set RCLONE_CONFIG_%RCLONE_USBCRYP_NAME%_PASSWORD2=

:: Set up the remote
set RCLONE_CONFIG_%RCLONE_USBCRYP_NAME%_TYPE=crypt

:: Set path 
set RCLONE_CONFIG_%RCLONE_USBCRYP_NAME%_REMOTE=%CURRENT_DRIVE%\RCLONEBACK

:: Set password
FOR /F "tokens=* USEBACKQ" %%F IN (`rclone obscure %PASSW%`) DO SET RCLONE_CONFIG_%RCLONE_USBCRYP_NAME%_PASSWORD=%%F

prompt Rclone %RCLONE_USBCRYP_NAME%: mounted on %CURRENT_DRIVE%\RCLONEBACK $G
rclone size %RCLONE_USBCRYP_NAME%:
echo You may now use any rclone command, type exit to quit when done

launchrclone.cmd

@echo off
echo Starting RCLONE wrapper
cmd /k init.cmd
10

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.