Is it possible to add encryption during a "Server Side Copy"

I have a large amount of data on ACD that is unencrypted.
Is it possible using the “Server Side Copy” function to add encryption to the data?

Alas, no it isn’t possible :frowning:

Thanks for the reply.
In looking at all of the docs it did not look like it was possible, but figured it was worth asking about just to be sure :slight_smile:

Instead of downloading everything, encrypt and upload again, how about do a server-to-server transfer with rclone, then encrypt everything back to the original cloud storage? Just a thought :slight_smile:

Good idea, and you could do this on an EC2 instance and you might even get the transfer for free (but not 100% sure about that - not an AWS expert :wink:

Not sure I follow you here…

So I would need to create an EC2 instance (like ncw suggested) and then do a server-to-server transfer to that EC2 instance. Then encrypt the data before I push it back to Amazon Cloud Drive?

Right, that way you can take advantage of faster upload/downloads speeds and not having to worry about your home network bandwidth. You can either do a new instance on EC2 or spin up a VPS with one of the many VPS providers that provide unlimited transfer.

OK, that’s what I figured you meant.
I’m already on a dedicated on in a datacenter so bandwidth isn’t an issue.
I’m just trying to work out how to handle downloading 30TBs of ACD storage, encrypt it, and then push it back up with a box that has 2TBs of storage.

See that’s the point, you don’t need to download anything to your box. rclone supports direct cloud storage to cloud storage transfer. You could do this by opening another (temp) Amazon Drive, transfer your files from your original Amazon Drive to the temp one, and on transferring back to your original one, do the encryption.

OK, so 'Server-Side-Copy" doesn’t support encrypting non-encrypted content, but copying content from one provider to another you can encrypt on-the-fly. I didn’t realize that

Does the encryption on work with crypt or can I use EncFS?

Server side copy comes into effect when you copy something in the same provider, so if you do

rclone copy acd:dir1 acd:dir2

that is an opportunity to use server side copy. Amazon cloud drive doesn’t support server side copy anyway though, but other remotes do.

If you set up a crypted remote on your ACD lets say pointing at acd:secret called secretacd

I’d use the web interface to move all the current content into a subdirectory called unencrypted. Then you would do

rclone copy acd:unencrypted secretacd:

rclone will download stuff and upload it again, encrypting on the fly.

That would only work with crypt. If you wanted to use EncFS you’d need to download it all locally I think.

I think I have it now;

I’m currently copying the data to google drive
rclone copy ACD:data GD:data

Once that is done I will create an ACD crypted remote and then run
rclone copy GD:data ACD-SECRET:

I just need to read how to create the crypted remote on ACD :slight_smile:

1 Like

That seems inefficient as you’re copying it twice. You should able to do it without copying to gdrive first.

How you would you suggest I do it then to get the existing unencrypted data on ACD encrypted?

  1. Move all your unencrypted files to a new folder using the web browser (such as acd:unencrypted)

  2. Create a new Amazon Cloud Drive remote (if you haven’t already done so), I would call it “acd:”

  3. Create a new crypt remote, I would call it “acd-crypt:” . For the “source”, enter “acd:encrypted”.

  4. copy with rclone: rclone copy acd:unencrypted acd-crypt:

I’m having a brain freeze here, wondered if someone could help.
I have:

  • gd: as an unencrypted mount of my Google Drive
  • crypt is a folder in Google Drive’s root
  • gd-crypt mounts gd:crypt

For testing purposes I want to synchronise the encrypted TV folder (which is always more current) to the unencrypted one and ideally don’t want to have to down and re-up.

rclone copy -v gd-crypt:TV/ gd:TV/

The command above seems to down and re-up but wondered if I was missing a trick here?