Is it possible to have crypt remotes whose passwords are stored in plain text in the config file?

I am reading the documentation of Crypt and, from it, I understand that we can either:

  • have the password "lightly encrypted"
  • or "heavily encrypted" (using configuration encryption)

So my first question is: why can't we have it "raw"? I fully trust the computer that I run rclone on, I don't trust the remotes ;-; And I am super scared of forgetting my password.

Second, if we can have it "raw", how? Is there some sort of experimental flag that I can turn on?

well, two different things, one has nothing to do with the other.

crypt password(s) are stored in obscured form, not encrypted.
very easy to de-obscure them.

by default, the config file is a plain text file. if someone gets the text file, they can easily steal the contents.
optionally, to protect against that, can encrypt the entire config file with a password.

then do not encrypt the config file.

Kinda effectively the obfuscated string in the config file is the password. You can copy that to a new file and it will work.

It's not "password123" but it's effectively the same thing.

So keeping a secure copy of the config file will always be enough to be able to decrypt the files.

100% correct. Security by obscurity unfortunately but original design decision now became massive legacy.

Here you have simple code to de-obscure it in case you need it.


actually, rclone itself can de-obscure the password.
so security by obscurity is even less secure.


Hahaha. "Secret" command - this is truly proper obscurity:)

Mannn, we really should consider documenting this command

There is a discussion in this issue, which didn't get a conclusion. Feel free to throw in some good arguments either way... :)
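
An added example, not code from the thread or from rclone: because the obscured string in the config file is effectively the password, this Python audit flags a config file that other local users can access and lists crypt remotes whose `password`/`password2` values sit in an unencrypted file. It treats a file as encrypted when it contains rclone's `RCLONE_ENCRYPT_V0:` header line; the remote names and placeholder values in the samples are constructed.

```python
import configparser
import os
import stat
import tempfile

ENCRYPTED_MARKER = "RCLONE_ENCRYPT_V0:"   # header line present when config encryption is on
SECRET_KEYS = ("password", "password2")   # crypt options that hold obscured secrets

def audit_rclone_config(path):
    """Return a list of findings for one rclone config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} lets group/other users access the file")
    with open(path, encoding="utf-8") as fh:
        text = fh.read()
    if any(line.strip() == ENCRYPTED_MARKER for line in text.splitlines()):
        return findings  # whole file is encrypted; no readable secrets to report
    findings.append("config encryption is off: obscured values are readable as stored")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    for name in parser.sections():
        if parser.get(name, "type", fallback="") != "crypt":
            continue
        for key in SECRET_KEYS:
            if parser.get(name, key, fallback=""):
                findings.append(f"[{name}] {key} is stored obscured, treat it as the password")
    return findings

def demo():
    # Constructed samples; the values are placeholders, not real rclone output.
    plain = ("[gdrive]\ntype = drive\n\n[secret]\ntype = crypt\nremote = gdrive:vault\n"
             "password = PLACEHOLDER_OBSCURED_1\npassword2 = PLACEHOLDER_OBSCURED_2\n")
    encrypted = "# Encrypted rclone configuration File\n\nRCLONE_ENCRYPT_V0:\nPLACEHOLDER_BASE64\n"
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "rclone.conf")
        for text, mode in ((plain, 0o644), (plain, 0o600), (encrypted, 0o600)):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results.append(audit_rclone_config(path))
    return results

if __name__ == "__main__":
    for label, found in zip(("plain 0644", "plain 0600", "encrypted 0600"), demo()):
        print(label, found)
```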