Possible to set a password for the rclone config file without using rclone config (2)?

Hi,

this feature has already been asked for in 2019:

and now we would really like to have this, too.
I suspect it's still not done, and I do sadly not have the time to implement it myself.

We are currently trying to use RCLONE programmatically (as a background tool/service) to access data in the cloud.
Since we need to create a config file (on-the-fly) to run RCLONE, we're always trying to delete it again after everything is done.
But while RCLONE is running, or if the deletion of the config file fails for some reason, any untrusted person could still access that config file and misuse it.

So, it would be great to have an additional command line parameter and not to go through the UI.

Thanks.

You'd need to make an issue on github as that post it doesn't look like it was important enough for the user to do that..

hello and welcome to the forum

there are a number of ways to create an on-the-fly remote without using rclone config

set rclone_config_thecrypt_type=crypt
set rclone_config_thecrypt_remote=remote:bucket
set rclone_config_thecrypt_password=HUyhY3m22xkhhgPZLxDOM5cBU2uQaMdD
set rclone_config_thecrypt_password2=XczRxwUV7b-HCJ5Ei9j_CDF7CKsFDLLU
rclone lsd thecrypt:
  • python - simplifed example
RcloneEnv = {}
RcloneEnv["RCLONE_CONFIG_REMOTE_TYPE"]=
RcloneEnv["RCLONE_CONFIG_REMOTE_ACCESS_KEY_ID"]=
RcloneEnv["RCLONE_CONFIG_REMOTE_SECRET_ACCESS_KEY"]=
RcloneEnv["RCLONE_CONFIG_REMOTE_SESSION_TOKEN"]=
RcloneEnv["RCLONE_CONFIG_REMOTE_ENDPOINT"]=

subprocess.run('rclone lsd remote:' , env=RcloneEnv[)

OP isn't asking to create a remote on the fly as they are asking how to encrypt the config without going into rclone config.

Currently now, I thought you had to go into rclone config to encrypt the configuration. I don't use that so I'm not actually sure if that's true or not true.

sure, i understand that.

this is a first time poster.

i was sharing methods for the creation of temporary, on-the-fly remote without using rclone config.

without a config file.
--- there is no need for password protection.
--- no worries about leaving behind an orphaned config file.

Sure, but that is not the question being asked. OP is asking for a feature to encrypt the config without using rclone config.

Thanks for the reply,

but creating a simple text file with all the necessary entries is not a/the problem.
We would like to encrypt the file after creation.

RCLONE does support this already, but one can only set a password (encrypt the config file) by running RCLONE config. This walks you through an interactive question/answer list.

CU,
steinbohrer

So as I shared, the first step is logging a feature request.

Yep, will do that.

...will also look into using those environment variables, if I can make sure they are only valid in the RCLONE process and can not be read from the "outside".

hope i am not going too off-topic.
if true then sorry, please just ignore this post but it might help other rcloners.
if it is of use, please let me know.

i agree that your suggested feature should be implemented.

until that happens, i used autoexpect to create crypt.rclone.config.file.exp, lightly edited,
which will crypt the config without using rclone config.

#!/usr/bin/expect -f

set force_conservative 0  ;# set to 1 to force conservative mode even if
			  ;# script wasn't run conservatively originally
if {$force_conservative} {
	set send_slow {1 .1}
	proc send {ignore arg} {
		sleep .1
		exp_send -s -- $arg
	}
}

set timeout -1
spawn rclone config --config=/home/user01/rclone/scripts/test.conf
match_max 100000
expect -exact "Current remotes:\r
\r
Name                 Type\r
====                 ====\r
\r
e) Edit existing remote\r
n) New remote\r
d) Delete remote\r
r) Rename remote\r
c) Copy remote\r
s) Set configuration password\r
q) Quit config\r
e/n/d/r/c/s/q> "
send -- "s\r"
expect -exact "s\r
Your configuration is not encrypted.\r
If you add a password, you will protect your login information to cloud services.\r
a) Add Password\r
q) Quit to main menu\r
a/q> "
send -- "a\r"
expect -exact "a\r
Enter NEW configuration password:\r
password:"
send -- "supersecretpassword\r"
expect -exact "\r
Confirm NEW configuration password:\r
password:"
send -- "supersecretpassword\r"
expect -exact "\r
Password set\r
Your configuration is encrypted.\r
c) Change Password\r
u) Unencrypt configuration\r
q) Quit to main menu\r
c/u/q> "
send -- "q\r"
expect -exact "q\r
Current remotes:\r
\r
Name                 Type\r
====                 ====\r
\r
e) Edit existing remote\r
n) New remote\r
d) Delete remote\r
r) Rename remote\r
c) Copy remote\r
s) Set configuration password\r
q) Quit config\r
e/n/d/r/c/s/q> "
send -- "q\r"
expect eof