{"id":11,"date":"2017-12-02T10:25:00","date_gmt":"2017-12-02T10:25:00","guid":{"rendered":""},"modified":"2021-02-22T01:14:02","modified_gmt":"2021-02-22T01:14:02","slug":"encrypt-backup-your-data-with-rclone","status":"publish","type":"post","link":"https:\/\/www.tech-and-dev.com\/blog\/2017\/12\/encrypt-backup-your-data-with-rclone.html","title":{"rendered":"Encrypt & Backup your Data With Rclone"},"content":{"rendered":"
\n
\"Rclone<\/a><\/div>\n

This tutorial is compatible with any storage service such as Amazon, Google Drive, buckets, SSHs or FTPs. However, I’ll be using Backblaze.com buckets. As of the date of this post,Backblaze offers 200GB for $1\/month, which is the cheapest on the net, followed by OVH cloud storage and Hubic (Also owned by OVH).<\/p>\n

This tutorial will cover the following:
\n1- Creating remote connection
\n2- Creating remote encrypted connection
\n3- Upload Data
\n4- Download Data
\n5- Different Commands & Flags<\/p>\n

<\/a><\/p>\n

1- Creating remote connection<\/h2>\n

Configure rclone and follow the steps<\/p>\n

rclone config<\/pre>\n
Enter n for new connection<\/p>\n
n<\/pre>\n
I’ll call my new connection “remote<\/b>”<\/p>\n
I’ll store my backups on backblaze<\/b>, make sure to create a bucket first from backblaze’s admin panel, I’ll call my bucket etra-test<\/b><\/p>\n
Account ID & key number can be found in backblaze, buckets section<\/p>\n
You can leave “Endpoint” empty<\/p>\n
This is my output:<\/p>\n
rclone config<\/pre>\n
Current remotes:<\/p>\n
Name\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Type<\/p>\n
====\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ====<\/p>\n
e) Edit existing remote<\/p>\n
n) New remote<\/p>\n
d) Delete remote<\/p>\n
r) Rename remote<\/p>\n
c) Copy remote<\/p>\n
s) Set configuration password<\/p>\n
q) Quit config<\/p>\n
e\/n\/d\/r\/c\/s\/q> n<\/p>\n
name> remote<\/p>\n
Type of storage to configure.<\/p>\n
Choose a number from below, or type in your own value<\/p>\n
1 \/ Amazon Drive<\/p>\n
“amazon cloud drive”<\/p>\n
2 \/ Amazon S3 (also Dreamhost, Ceph, Minio)<\/p>\n
“s3”<\/p>\n
3 \/ Backblaze B2<\/p>\n
“b2”<\/p>\n
4 \/ Box<\/p>\n
“box”<\/p>\n
5 \/ Dropbox<\/p>\n
“dropbox”<\/p>\n
6 \/ Encrypt\/Decrypt a remote<\/p>\n
“crypt”<\/p>\n
7 \/ FTP Connection<\/p>\n
“ftp”<\/p>\n
8 \/ Google Cloud Storage (this is not Google Drive)<\/p>\n
“google cloud storage”<\/p>\n
9 \/ Google Drive<\/p>\n
“drive”<\/p>\n
10 \/ Hubic<\/p>\n
“hubic”<\/p>\n
11 \/ Local Disk<\/p>\n
“local”<\/p>\n
12 \/ Microsoft Azure Blob Storage<\/p>\n
“azureblob”<\/p>\n
13 \/ Microsoft OneDrive<\/p>\n
“onedrive”<\/p>\n
14 \/ Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)<\/p>\n
“swift”<\/p>\n
15 \/ QingClound Object Storage<\/p>\n
“qingstor”<\/p>\n
16 \/ SSH\/SFTP Connection<\/p>\n
“sftp”<\/p>\n
17 \/ Yandex Disk<\/p>\n
“yandex”<\/p>\n
18 \/ http Connection<\/p>\n
“http”<\/p>\n
Storage> 3<\/p>\n
Account ID<\/p>\n
account> myaccountnumber<\/p>\n
Application Key<\/p>\n
key> mykeynumber<\/p>\n
Endpoint for the service – leave blank normally.<\/p>\n
endpoint><\/p>\n
Remote config<\/p>\n
——————–<\/p>\n
[myremote]<\/p>\n
account = myaccountnumber<\/p>\n
key = mykeynumber<\/p>\n
endpoint =<\/p>\n
——————–<\/p>\n
y) Yes this is OK<\/p>\n
e) Edit this remote<\/p>\n
d) Delete this remote<\/p>\n
y\/e\/d> y<\/p>\n
Current remotes:<\/p>\n
Name\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Type<\/p>\n
====\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ====<\/p>\n
remote\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 b2<\/p>\n
e) Edit existing remote<\/p>\n
n) New remote<\/p>\n
d) Delete remote<\/p>\n
r) Rename remote<\/p>\n
c) Copy remote<\/p>\n
s) Set configuration password<\/p>\n
q) Quit config<\/p>\n
e\/n\/d\/r\/c\/s\/q><\/p>\n
2- Creating remote encrypted connection<\/h2>\n
Create new remote in rclone by entering n for new connection<\/p>\n
n<\/pre>\n
I’ll call my new connection “encremote<\/b>” which stands for encrypted remote<\/p>\n
Choose #6 “Encrypt\/Decrypt a remote”<\/b><\/p>\n
I’ll be backing up my data in the previously created bucket called etra-test<\/b>, so the remote to encrypt will be “remote:etra-test<\/b>“.<\/p>\n
Create a hard to guess password and a hard to guess salt, make sure to not lose these, otherwise you won’t be able to decrypt your data in the future.<\/p>\n
Click q to quit<\/p>\n
q<\/pre>\n
This is my output:<\/p>\n
e) Edit existing remote<\/pre>\n
n) New remote<\/p>\n
d) Delete remote<\/p>\n
r) Rename remote<\/p>\n
c) Copy remote<\/p>\n
s) Set configuration password<\/p>\n
q) Quit config<\/p>\n
e\/n\/d\/r\/c\/s\/q> n<\/p>\n
name> encremote<\/p>\n
Type of storage to configure.<\/p>\n
Choose a number from below, or type in your own value<\/p>\n
1 \/ Amazon Drive<\/p>\n
“amazon cloud drive”<\/p>\n
2 \/ Amazon S3 (also Dreamhost, Ceph, Minio)<\/p>\n
“s3”<\/p>\n
3 \/ Backblaze B2<\/p>\n
“b2”<\/p>\n
4 \/ Box<\/p>\n
“box”<\/p>\n
5 \/ Dropbox<\/p>\n
“dropbox”<\/p>\n
6 \/ Encrypt\/Decrypt a remote<\/p>\n
“crypt”<\/p>\n
7 \/ FTP Connection<\/p>\n
“ftp”<\/p>\n
8 \/ Google Cloud Storage (this is not Google Drive)<\/p>\n
“google cloud storage”<\/p>\n
9 \/ Google Drive<\/p>\n
“drive”<\/p>\n
10 \/ Hubic<\/p>\n
“hubic”<\/p>\n
11 \/ Local Disk<\/p>\n
“local”<\/p>\n
12 \/ Microsoft Azure Blob Storage<\/p>\n
“azureblob”<\/p>\n
13 \/ Microsoft OneDrive<\/p>\n
“onedrive”<\/p>\n
14 \/ Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)<\/p>\n
“swift”<\/p>\n
15 \/ QingClound Object Storage<\/p>\n
“qingstor”<\/p>\n
16 \/ SSH\/SFTP Connection<\/p>\n
“sftp”<\/p>\n
17 \/ Yandex Disk<\/p>\n
“yandex”<\/p>\n
18 \/ http Connection<\/p>\n
“http”<\/p>\n
Storage> 6<\/p>\n
Remote to encrypt\/decrypt.<\/p>\n
Normally should contain a ‘:’ and a path, eg “remote:path\/to\/dir”,<\/p>\n
“remote:bucket” or maybe “remote:” (not recommended).<\/p>\n
remote> remote:etra-test<\/p>\n
How to encrypt the filenames.<\/p>\n
Choose a number from below, or type in your own value<\/p>\n
1 \/ Don’t encrypt the file names.\u00a0 Adds a “.bin” extension only.<\/p>\n
“off”<\/p>\n
2 \/ Encrypt the filenames see the docs for the details.<\/p>\n
“standard”<\/p>\n
3 \/ Very simple filename obfuscation.<\/p>\n
“obfuscate”<\/p>\n
filename_encryption> 2<\/p>\n
Password or pass phrase for encryption.<\/p>\n
y) Yes type in my own password<\/p>\n
g) Generate random password<\/p>\n
y\/g> y<\/p>\n
Enter the password:<\/p>\n
password:<\/p>\n
Confirm the password:<\/p>\n
password:<\/p>\n
Password or pass phrase for salt. Optional but recommended.<\/p>\n
Should be different to the previous password.<\/p>\n
y) Yes type in my own password<\/p>\n
g) Generate random password<\/p>\n
n) No leave this optional password blank<\/p>\n
y\/g\/n> y<\/p>\n
Enter the password:<\/p>\n
password:<\/p>\n
Confirm the password:<\/p>\n
password:<\/p>\n
Remote config<\/p>\n
——————–<\/p>\n
[encremote]<\/p>\n
remote = remote:etra-test<\/p>\n
filename_encryption = standard<\/p>\n
password = *** ENCRYPTED ***<\/p>\n
password2 = *** ENCRYPTED ***<\/p>\n
——————–<\/p>\n
y) Yes this is OK<\/p>\n
e) Edit this remote<\/p>\n
d) Delete this remote<\/p>\n
y\/e\/d> y<\/p>\n
Current remotes:<\/p>\n
Name\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Type<\/p>\n
====\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ====<\/p>\n
encremote\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 crypt<\/p>\n
remote\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0 \u00a0\u00a0 b2<\/p>\n
e) Edit existing remote<\/p>\n
n) New remote<\/p>\n
d) Delete remote<\/p>\n
r) Rename remote<\/p>\n
c) Copy remote<\/p>\n
s) Set configuration password<\/p>\n
q) Quit config<\/p>\n
e\/n\/d\/r\/c\/s\/q> q<\/p>\n
 <\/p>\n
3- Upload Data<\/h2>\n
I’ll be uploading the content of the directory \/home\/pc\/pictures (Similar to C:UserspcPictures in Windows) to the encrypted remote “encremote”. “encremote” will automatically encrypt the data using the password and salt that was entered and will send them to “remote”, “remote” will then upload them automatically to the Backblaze bucket.<\/p>\n
rclone copy \/home\/pc\/pictures encremote:<\/pre>\n
This will copy everything from \/home\/pc\/pictures to the Backblaze bucket, files that already exist will be skipped.<\/p>\n
You can also use “sync”, though I personally wouldn’t recommend it. “sync” will synchronize all the files in the source directory (\/home\/pc\/pictures) to the remote bucket, if the remote directory has files that the source don’t have, they will be deleted.<\/p>\n
rclone sync \/home\/pc\/pictures encremote:<\/pre>\n
4- Download Data<\/h2>\n
I’ll be downloading the files from the remote “encremote” to \/home\/pc\/test. If you want to download them to another PC, make sure to follow Step 1 and Step 2 with the same password and salt.<\/p>\n
rclone copy encremote: \/home\/pc\/test<\/pre>\n
This will copy everything from encremote: to \/home\/pc\/test and skip the files that already exist<\/p>\n
5- Different Commands & Flags<\/h2>\n
You can always check the content of a remote or an encrypted remote.
\nThe following will show the content of the encrypted remote:<\/p>\n
rclone ls encremote:<\/pre>\n
The following will show the encrypted files and directories inside the bucket<\/p>\n
rclone ls remote:<\/pre>\n
When copying files, you can use several paramters, most importantly<\/p>\n
--bwlimit intValue<\/pre>\n
This will limit your bandwidth upload speed (in KB\/s)<\/p>\n
You can use -v to print details about the copy\/sync. You can use -v several times for more details, example<\/p>\n
-v<\/pre>\n
or<\/p>\n
-v -v -v<\/pre>\n
You can also limit the number of files to copy, by default rclone copy 4 files at the same time.<\/p>\n
--transfers intValue<\/pre>\n
Example:<\/p>\n
rclone copy --bwlimit 55 -v -v -v --transfers 2 \/home\/pc\/pictures encremote:<\/pre>\n
Questions or comments? Post below <\/b><\/p>\n
 <\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
This tutorial is compatible with any storage service such as Amazon, Google Drive, buckets, SSHs or FTPs. However, I’ll be using Backblaze.com buckets. As of the date of this post,Backblaze offers 200GB for $1\/month, which is the cheapest on the net, followed by OVH cloud storage and Hubic (Also owned by OVH). This tutorial will […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[12],"tags":[],"class_list":["post-11","post","type-post","status-publish","format-standard","hentry","category-rclone"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/11","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/comments?post=11"}],"version-history":[{"count":2,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/11\/revisions"}],"predecessor-version":[{"id":389,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/posts\/11\/revisions\/389"}],"wp:attachment":[{"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/media?parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/categories?post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tech-and-dev.com\/blog\/wp-json\/wp\/v2\/tags?post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}