Backup files to the cloud using Rclone – Windows

Rclone is an amazing tool that is used to manage files on cloud storage. Its fast, easy to use and command line based. You can choose from a wide range of supported providers, such as Amazon Drive, Google Drive, OneDrive, JottaCloud and many more. See the complete list here. https://rclone.org/

In this blogpost I will show you how to create a remote location, copy from local drive to remote encrypted, create a simple bash script with hashed password which you can run with scheduled tasks.

Create a Remote location

1. Download and unpack Rclone to your C:\ drive.
2. Open up CMD in priviledged mode and CD into the Rclone folder.
3. Type ‘rclone.exe config’ and press ‘n’ for New remote.
4. Give it a name. I’ll just call it ‘Remote’
5. Choose which provider you want to use. I’ll choose Google drive, nr 13.
6. You will now be asked to provide a Client ID. You can create your own by visiting the link in the config, or just press enter to use the default one. This will give you low performance because the key is shared and Googles default quota is 10 transactions per second. For the sake of this tutorial, I will use the default one.
7. If you created your own Client ID, paste the Client secret that you got from google.
8. Give Rclone the apporpriate permissions. I will give ‘Full access to all files, excluding application data folder’
9. Leave root_folder_id blank.
10. Leave service account credentials blank.
11. Press ‘n’ when asked about advanced config.
12. Say ‘y’ to use auto config.
13. You will now be asked to authenticate yourself on Google Drive and give Rclone access to your drive.
14. Say ‘n’ when asked if this is a team drive.
15. Review the remote settings and say ‘y’.

You will now see that you have a new remote location under ‘Current remotes’.

Encrypt Remote location

Now that you have created a remote location you want to encrypt the data that is sent to your cloud storage. You can use Rclones ‘crypt’ function. Rclone uses symmectric key encryption where a password is used to generate real encryption key.

1. Type ‘rclone.exe config’ and type ‘n’ and hit enter.
2. Give it a name. I’ll call it encrypted.
3. From the list, choose nr 10, or “crypt”.
4. Choose which remote location you want to encrypt. I want to encrypt the one I made earlier and I want the files to be saved to a folder called ‘encrypted’, so I type ‘ Remote:Encrypyted’.
5. Choose if you want to encrypt the file names. In my case, I’ll encrypt them.
6. Chose if you want to encrypt folders. In my case, I’ll encrypt them.
7. Create a password for encryption, or generate random password.
8. Create a salt, or skip.
9. Review the changes and type ‘y’.

Copy Files to Cloud Storage

I like to use the copy command, and not sync. If you use sync, and you delete files on your local drive, the files will be deleted from the remote location next time you sync.

To copy to files encrypted to cloud storage, use this command

rclone.exe copy source:path destination:path 

#Example
rclone.exe copy "C:\Users\aghanim\Pictures" Encrypted: -vv 

# -vv = very verbose

Your files will look like this on the Cloud Storage.

Secure your rclone config

You will not benefit from encrypting your files, if you dont seucre your rclone config file. If anyone steals the config file, they will have full access to your encrypted files.

1. To encrypt your rclone config file, type ‘rclone.exe config’ and type ‘s’
2. Set a password

If you loose this password, you will loose access to your ecrypted files. There is no way to recover them.

And please take a backup of your rclone config and save it somewhere safe. You’ll find it here:

C:\Users\USERNAME\.config\rclone\rclone.conf

Create a bash script that copies files from source to dest encrypted – using ‘–password-command’

Instead of typing your password in plain text in your script, we can use the built-in function –password-command.

pg1 have created a very nice tutorial which I will link to here.

Using his tutorial, I’ve created this simple script that will run in scheduled task everyday. Type the script in notepad, save it as a ‘.bat’ and run it with scheduled task.

rclone.exe -v --password-command "powershell C:\rclone-v1.55.1\rcpw.ps1" copy D: Encrypted:D --log-file C:\RcloneLogFile\Rclone_logs_D.txt

#This script will copy everything from the D:\ drive encryted to my cloud storage.