Loading...
Koofr Features / Jan 18 2023

Using rclone with Koofr Vault

Learn how to access your client-side encrypted files in Koofr Vault from your desktop using rclone.

If you want to make sure your most sensitive files are kept secure and accessible only to you, then a cloud storage solution with client-side encryption is the way to go.

It's been all the rage in cloud storage to offer zero-knowledge and end-to-end encryption, but these words are just wind if you cannot verify that a service provider actually works like it says it does.

This is why we chose to implement Koofr Vault as a separate, open-source application - so users could inspect the code and even deploy it themselves, if they were inclined to do so.

And since many of our users were already using rclone to encrypt their files client-side, making Koofr Vault compatible with this open-source command-line tool just made sense.

Koofr Vault compatibility with rclone means that you can take an existing crypt from rclone and access it using Koofr Vault, or you can create a new Safe Box and access it from your desktop using rclone. It works both ways.

If you need a refresher on Koofr Vault, click over to our beginner's guide.

Importing a crypt configuration from rclone

First, let's look at how you can import an existing crypt remote from rclone to your Koofr Vault. You'll need to import the configuration data for the chosen remote - but first, you'll need to find it.

The easiest way to do this is to open the rclone.conf file and copy the configuration data from there. We can do this from the command-line to streamline the process.

On Windows, open the file in a text editor by entering the following path in cmd: %APPDATA%/rclone/rclone.conf

On Mac, use the following command to open the file: open ~/.config/rclone/rclone.conf

On Linux, open the file by entering the following command: sensible-editor ~/.config/rclone/rclone.conf

In our example, we have a previously created crypt remote called encrypted which points to /My photos/Private photos in our Koofr account. Here's our rclone.conf:

The rclone.conf file contains configuration data for all your rclone remotes with obfuscated passwords.

To let Koofr Vault access this folder, we'll take the configuration data for encrypted and use it to create a new Safe Box.

Create a Safe Boox using config data from rclone.

Click on Show advanced settings to display the additional setup options. Input the configuration data in the rclone config text box. The format should be like the example above the text box.

Click on Fill to automatically populate the main form fields with deobfuscated data. Confirm by clicking on Create.

Once your Safe Box is created, Koofr Vault will display the Safe Box configuration. Click on Copy, then Continue.

Next, enter your crypt password, or Safe Key, to unlock the Safe Box and access the encrypted folder.

Your rclone encrypted folder can now be accessed by Koofr Vault.

Accessing a Safe Box using rclone

Now, let's see how you can access a Safe Box you created in Koofr Vault using rclone.

We'll assume that you've already set up rclone and created a remote for your Koofr account.

Again, the easiest way to do this is through rclone.conf. Open the file in a text editor like above, then add the rclone config configuration data for your Safe Box from Koofr Vault.

Select the rclone config configuration data from your Safe Box and copy it into the rclone.conf file.

After editing the file, make sure you save the changes you've made.

The updated rclone.conf file containing the additional Safe Box configuration data.

*Note: The default config data assumes your main Koofr remote is named 'koofr'. If you named your remote differently, then make sure to edit the location path (remote=your-remote-name:/path/to/safe-box).

You can check to see whether everything's been set up correctly by listing your remotes using either of the following: rclone config rclone listremotes

Use the ls or lsd commands to check the connection by listing the files or folders in the encrypted remote: rclone lsd remote:

Listing remotes in rclone with rclone config or listremotes.

That's all there is to it! You could also set this up through the rclone config dialogue using the same process you would use to set up client-side encryption in rclone. However, we recommend using rclone.conf as it is much less likely for you to make a mistake somewhere along the way.

Note: You would also need to use the unobfuscated configuration data from your Safe Box to set it up as a rclone crypt correctly using rclone config.


Did this work for you? Have something to add? Join the Koofr community on Reddit and let us know!

Enjoyed this article? Why not check out what we do.

Related tags