Rclone cooy file to GCS bucket with encryption

Hi Everyone,
I am looking for feature where I wanted to files from on prem to gcs bucket , the requirements is as per our security guidelines before copy the file to gcs it should be encrypted and once it is arrived in gcs it will decrypted so the file can be used by our application if there is option of compression that will also help as I wanted to push the file using proxy.

rclone can crypt files on local machine and copy to cloud.
but the file remains crypted in cloud at rest.

or what i do, 7zip the local files and copy that to cloud, but again, files are crypted at rest.
have you app decrypt the .7z and process it

rclone mount can have a crypted remote appear as decrypted local storage, have you app use that.

1 Like

And what's great is that if you are using a script to upload and want to automate, 7zip has a great command-line tool.

"C:\Program Files\7-Zip\7z.exe" a D:\sdsdfile.7z -psecret -mhe D:\test\

In this example, the password is "secret".

a= archive
p= password
mhe = encrypts archive headers, file names encrypted

More on 7zip encryption

Thanks I will check this , another query as per our security guidelines they also ask us encrypted transition when we copying the files to gcs bucket , I mean the transition should be encrypted until? the data reached to gcs , is rclone providing this king transition

Yes, rclone will use https to transfer the data which means it is encrypted in transit.

1 Like

Given rclone encrypts on transit, perhaps the extra step to encrypt and decrypt on the remote is unnecessary.

Ok so using rclone encryption data will encrypted during transition and once data copied to gcs it will in original form , the reason is our developers want they will encrypt and compress the data on client server using there code and rclone only transfer data to gcs using encryption transist as per our sexual guidelines ?

One more question as gcs transition requires internet do we have option in rclone config for this specific transaction we can set proxy to reach gcs ?

the file is crypted during transition using https, that has nothing to do rclone encryption.
same as when logging into your online bank account.

no, as using rclone client-side encryption, once a file is uploaded, the file is crypted at rest.
rclone crypted the file, so only rclone can decrypt the file.

so if some hacker were to download the file, it is useless to them.
they do not have the password(s) to decrypt.

this gets confusing, but technically, using rclone encryption, the file is actually crypted twice at rest.
once by rclone, once by gcs


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.