Rclone mount with configuration password?


#1

hi,

i have rclone mount working for me, but it requires me to type in my configuration password because my configuration file is encrypted.

is there a way of executing a rclone mount without typing the password?

edit: i should clarify, i mean other than putting my password in a plaintext file, which defeats the purpose.

thanks


#2

This bit from the v1.35 docs might give you some ideas…

If it is safe in your environment, you can set the RCLONE_CONFIG_PASS
environment variable to contain your password, in which case it will be
used for decrypting the configuration.

You can set this for a session from a script. For unix like systems
save this to a file called set-rclone-password:

#!/bin/echo Source this file don't run it

read -s RCLONE_CONFIG_PASS
export RCLONE_CONFIG_PASS

Then source the file when you want to use it. From the shell you
would do source set-rclone-password. It will then ask you for the
password and set it in the envonment variable.


#3

Thanks. I had read this.

It may be a bit off-topic from rclone, but is there anyway to make this work without storing the password in plain text?


#4

The proper way of doing this would be to use an agent to store the password.

You could use gpg-agent to store the password for a gpg key which you use to decrypt a file containing the rclone password.

Or use your platform’s password manager which probably has an API for doing that sort of thing.


#5

that’s what i was looking for. sounds good. thanks


#6

Hi ncw, thanks for all your work on rclone!

I’ve tried to find documentation and guides to set up gpg-agent but haven’t found anything that covers setting up passwords and using gpg-agent in scripts for cron.

Do you know of any good documentation for that?


#7

Not off the top of my head - no.

To use gpg-agent with cron you’ll need to get the right environment into cron which will be tricky.

I’m not sure it is worth it to be honest, as you’ll need to run the gpg agent so someone could use it to decrypt your password at any time.


#8

Okay, then there’s really no reason to encrypt the config right? If I store the password in plaintext in a .sh?

If someone has gotten into my box and can access my ~ I’m pretty much screwed anyway.


#9

You can add layers of obfuscation, but the problem is impossible to solve :frowning:


#10

Don’t want to dig an old topic, but I found this thread while searching and I thought it would be better than opening a new thread.

I have encrypted my configuration file, and would like to pass the password as an argument when using rclone.

Example: rclone --config A --password=“ABC” delete ETC

Is this possible?

This would be within an obfuscated file, so I would prefer this approach over the saving the password externally.

Thank you!


#11

Use the environment variable RCLONE_CONFIG_PASS


#12

Hi! How can I do this on Windows? I’ve tried to set an enviroment variable in Windows, but It didn’t work.
Thanks!


#13

In the cmd window or .bat script you should be able to do

set RCLONE_CONFIG_PASS=mypassword
rclone ....

I think that is right (I don’t use Windows much).


#14

Thanks for your help! It’s working now!


#15

@ncw, I got it using AxCrypt.

I already used AxCrypt to encrypt my files. So one of the first things I do after logging in is typing my AxCrypt password.

I made a simple batch file with just the configuration password line (crypto.bat):

SET RCLONE_CONFIG_PASS = xxxxxxxxxxxxxxxxxxxx

I encrypted this file with AxCrypt (crypto.bat -> crypto-bat.axx)

So I made another batch file (that calls Rclone) that decrypts the file crypto.bat, calls it and encrypts it again:

"%ProgramFiles%\Axantum\AxCrypt\AxCrypt.exe" -d crypto-bat.axx
call crypto.bat
"%ProgramFiles%\Axantum\AxCrypt\AxCrypt.exe" -z crypto.bat
rclone............

As the axcrypt password has already been typed (shortly after logon) it is not requested again, it is already cached.

However this only works with a logged in user, it does not work for servers.


#16

Nice solution :slight_smile:

Not heard of AxCrypt before!