Librclone config_encryption

Hello!
How can i use configuration-encryption (Documentation) when using librclone?

hello and welcome to the forum,

you want to encrypt the rclone config file programmability?
as far as i know, rclone does not do that.
https://github.com/rclone/rclone/issues/3241

i have a bash script that uses autoexpect which will encrypt the config file.

When i use rclone tool and in rclone config add password, i can add --password-command with bin which return password for encryption. Can i do something like this when i use rclone? Or i can use only decrypted rclone.conf file when using librclone?

I have my rclone config in an untrusted/shared server, however I don't store anything sensitive in the remotes because of this risk. However I still wanted some basic assurance that my rclone config would be encrypted at rest.

My solution was to use gocryptfs and store the rclone config in there. I also symlink .config into the unencrypted path that gocrypt mounts after unlocking the folder, however if you can pass the config path in librclone you could store the rclone.conf directly in the gocrypt unlocked directory.

When I start a new session the shared server, I just run a script called init.sh that basically unlocks the gocrypt and prompts for the password, launches the rclone mount using the now unencrypted rclone.conf and sets up other things in the environment. This configuration will run for months unless the server is rebooted for maintenance, and the rclone.conf is encrypted within the gocryptfs directory.

a root user could su into my userspace and read the rclone.conf while it's running, however that's acceptable in my risk profile. If the root user just did a copy of my user profile, since gocryptfs mounts via fuse in user space, they would only read the encrypted version.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.