Question about encryption and swap (or cache?)

I'm new here, so I'm sorry if this is the wrong forum for my question because it's not about a specific problem but instead concerns how rclone encryption works since I'm trying to understand it:

My intention is to have a setup with an encrypted "local remote" (weird but correct term?) which I then backup to my google drive. That is, I want to store the data encrypted (and backed up) but since it is decrypted when I access it locally, I would like to know how it is treated when mounted? Can decrypted data remain in my swap partition or elsewhere afterward?

If swap is used and it's an SSD drive a complete wipe is of course even more demanding. Obviously any application I use to open files might put the data unencrypted in swap (or application-specific temp files for that matter) but what does rclone do?

I might be wrong but if I've understood it correctly, e.g. Whonix works in such a way that once the VM is shut off, any temporarily decrypted data cannot be retrieved by forensic tools either but in order to make encrypted data available to Whonix, the encrypted rclone remote has to be mounted. If it's on the host, what happens? Could I safely mount an encrypted remote, access it through Whonix and after shutting off the VM be reasonably sure that nothing sensitive that was decrypted can be recovered afterward?

Or if I instead of mounting, copy the data and then delete the unencrypted data later, I presume that it's a "regular" how to wipe data issue which Whonix deals with when shutting off the VM. Mounting is of course more convenient, though.

Rclone has no particular control over whether data gets put into swap or not. It buffers file data for short periods only so its probably unlikely but not impossible.

If you are using any vfs cache modes higher than --vfs-cache-mode off (the default) then rclone may buffer file data in its cache directory. You can see where that is with rclone config paths.

Is it possible to set the paths in the config file? I know that I can set them as environment variables (I did it and tested rclone config paths) but can't figure out how to do it in the config file (if it can be done...).

Not currently, no.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.