If you want to make sure your most sensitive files are kept secure and accessible only to you, then a cloud storage solution with client-side encryption is the way to go.
It's been all the rage in cloud storage to offer zero-knowledge and end-to-end encryption, but these words are just wind if you cannot verify that a service provider actually works like it says it does.
This is why we chose to implement Koofr Vault as a separate, open-source application - so users could inspect the code and even deploy it themselves, if they were inclined to do so.
And since many of our users were already using rclone to encrypt their files client-side, making Koofr Vault compatible with this open-source command-line tool just made sense.
Koofr Vault compatibility with rclone means that you can take an existing crypt from rclone and access it using Koofr Vault, or you can create a new Safe Box and access it from your desktop using rclone. It works both ways.
If you need a refresher on Koofr Vault, click over to our beginner's guide.
Importing a crypt configuration from rclone
First, let's look at how you can import an existing crypt remote from rclone to your Koofr Vault. You'll need to import the configuration data for the chosen remote - but first, you'll need to find it.
The easiest way to do this is to open the rclone.conf file and copy the configuration data from there. We can do this from the command-line to streamline the process.
On Windows, open the file in a text editor by entering the following path in cmd:
On Mac, use the following command to open the file:
On Linux, open the file by entering the following command:
In our example, we have a previously created crypt remote called encrypted which points to /My photos/Private photos in our Koofr account. Here's our rclone.conf:
To let Koofr Vault access this folder, we'll take the configuration data for encrypted and use it to create a new Safe Box.
Click on Show advanced settings to display the additional setup options. Input the configuration data in the rclone config text box. The format should be like the example above the text box.
Click on Fill to automatically populate the main form fields with deobfuscated data. Confirm by clicking on Create.
Once your Safe Box is created, Koofr Vault will display the Safe Box configuration. Click on Copy, then Continue.
Next, enter your crypt password, or Safe Key, to unlock the Safe Box and access the encrypted folder.
Accessing a Safe Box using rclone
Now, let's see how you can access a Safe Box you created in Koofr Vault using rclone.
We'll assume that you've already set up rclone and created a remote for your Koofr account.
Again, the easiest way to do this is through rclone.conf. Open the file in a text editor like above, then add the rclone config configuration data for your Safe Box from Koofr Vault.
After editing the file, make sure you save the changes you've made.
*Note: The default config data assumes your main Koofr remote is named 'koofr'. If you named your remote differently, then make sure to edit the location path (remote=your-remote-name:/path/to/safe-box).
You can check to see whether everything's been set up correctly by listing your remotes using either of the following:
Use the ls or lsd commands to check the connection by listing the files or folders in the encrypted remote:
rclone lsd remote:
That's all there is to it! You could also set this up through the rclone config dialogue using the same process you would use to set up client-side encryption in rclone. However, we recommend using rclone.conf as it is much less likely for you to make a mistake somewhere along the way.
Note: You would also need to use the unobfuscated configuration data from your Safe Box to set it up as a rclone crypt correctly using rclone config.
Did this work for you? Have something to add? Join the Koofr community on Reddit and let us know!