I want to use rclone to mount a Google Drive with a script stored on a USB disk which will be removed immediately after the script is executed.
With help of ncw and asdffdsa, I found that making the config on the fly could be the solution.
I tried to mount my Google Drive this way and everything works fine.
While before I am going to use this method, I have some security concerns.
To my understanding, it's going to expose some sensitive info, e.g. client secret and sa credential, to shell environment variable.
I am not a coder so I don't have comprehensive understanding of how shell works.
Therefore, could anyone tell me would this really causes security issues, and is there any way to fix/improve this?
Thanks in advance!
Run the command 'rclone version' and share the full output of the command.
rclone v1.58.1
- os/version: Microsoft Windows 10 Pro for Workstations 21H2 (64 bit)
- os/kernel: 10.0.19044.1682 (x86_64)
- os/type: windows
- os/arch: amd64
- go/version: go1.17.9
- go/linking: dynamic
- go/tags: cmount
Which cloud storage system are you using?
Google Drive
The command you were trying to run (eg rclone copy /tmp remote:tmp)
I made a remote with environment variables and the variables remain there after the remote is created, just like asdffdsa's case.
You mentioned, "Rclone could delete the environment variables once it has read then I suppose". Could you tell me how to do this, maybe add certain flags or...?
By the way, is it possible to delete environment variables by another program (windows and linux - I mainly use debian)?
currently, rclone does not do that, ncw would have to modify the source code.
and i think that is a good idea, perhaps yet another new flag, --delete-env-var
your example uses windows, and for that, the answer is no.
why not use an encrypted rclone config file?
when you run the script, type in the rclone password once.
I would also support the idea to add a feature of deleting the environment variables.
Probably I should use an encrypted rclone config file.
But I still have two questions.
First, since I am using a service account but not a token, rclone is not going to update the config file automatically, is it?
Second, if it's on linux, e.g. debian, is it possible to to delete environment variables by another program?
well, your remote is a bit confusing; using both service account file AND client_id+client_secret.
no need for both, just use the service account file and remove the client_id+client_secret
i think this has been discussed in the forum a few times.
as far as i know, the answer is rclone is not going to update the config file.
I don't know much about the service account and client id+secret. I am going to follow your advice but could you explain it further? I am curious about the details behind.