I disabled password prompts but I don't understand how to use all the other stuff about reading config password (meaning RCLONE_CONFIG_PASS , set-rclone-password file, source set-rclone-password, --password-command, RCLONE_PASSWORD_COMMAND, passwordstore ...)
Here is the script I wrote in DSM task scheduler (Synology NAS) under the "Run command / User-defined script" section (screenshot at the end is just for you to see how looks like the Synology task scheduler GUI , the shown script in the picture is not the one I am talking about) :
If you just want to provide it on the command line then you can use --password-command "echo password" which isn't very secure or --password command cat /path/to/file/with/password
Ok, but I dont't want to store rclone config password in a file for security reasons (apart from rclone.conf file). I want to use one of the methods described in the docs, but I don't know which one is the most safe, and I don't really understand any of them.
I thought the following was the most secure, but I don't understand how to do:
An alternate means of supplying the password is to provide a script which will retrieve the password and print on standard output. This script should have a fully specified path name and not rely on any environment variables. The script is supplied either via --password-command="..." command line argument or via the RCLONE_PASSWORD_COMMAND environment variable.
One useful example of this is using the passwordstore application to retrieve the password:
If the passwordstore password manager holds the password for the rclone configuration, using the script method means the password is primarily protected by the passwordstore system, and is never embedded in the clear in scripts, nor available for examination using the standard commands available. It is quite possible with long running rclone sessions for copies of passwords to be innocently captured in log files or terminal scroll buffers, etc. Using the script method of supplying the password enhances the security of the config password considerably.
If you are running rclone inside a script, unless you are using the --password-command method, you might want to disable password prompts. To do that, pass the parameter --ask-password=false to rclone. This will make rclone fail instead of asking for a password if RCLONE_CONFIG_PASS doesn’t contain a valid password, and --password-command has not been supplied.
