Rclone release 1.51 includes support for a new config
--password-command, documented at:
This article demonstrates how to use the Windows Powershell SecureString type and PSCredential to store your configuration file password securely in a file.
- Generate your secure password to a disk file (for the purprose of this example, U:\rcpw.txt):
Read-Host -Prompt 'Enter rclone configuration password' -AsSecureString | ConvertFrom-SecureString | Out-File -FilePath U:\rcpw.txt
- Create a Powershell script (for the purpose of this example, C:\xx\rcpw.ps1) to return the decrypted password from the file you created in the previous step (notice how this file is referenced in the -Path parameter). Contents of C:\xx\rcpw.ps1:
(New-Object -TypeName PSCredential -ArgumentList @( 'user', ((Get-Content -Path U:\rcpw.txt) | ConvertTo-SecureString))).GetNetworkCredential().Password
- Test it:
rclone -vv --password-command "powershell C:\xx\rcpw.ps1" about remote:
- Once this works, you can default the password-command parameter via setting the environment variable
- From then on you can use the rclone command without having to enter your configuration file password.
Decryption only works under the same WIndows user/PC that created the encrypted file.
UTF8 encoding warning
I tried this with an rclone configuration password that contained 'special characters' (in my case it was some German 'ü's). I would receive the following error from rclone in trying to use the Powershell script:
incorrect password: password contains invalid utf8 characters
I was able to get around this by using the following:
[Console]::OutputEncoding = [Text.Encoding]::Utf8
However, this goes well beyond my limited knowledge of Powershell, so user beware!