Using rclone with Koofr Vault
Learn how to access your client-side encrypted files in Koofr Vault from your desktop using rclone.
Written by human for humans
If you want to make sure your most sensitive files are kept secure and accessible only to you, then a cloud storage solution with client-side encryption is the way to go.
It's been all the rage in cloud storage to offer zero-knowledge and end-to-end encryption, but these words are just wind if you cannot verify that a service provider actually works like it says it does.
This is why we chose to implement Koofr Vault as a separate, open-source application - so users could inspect the code and even deploy it themselves, if they were inclined to do so.
And since many of our users were already using rclone to encrypt their files client-side, making Koofr Vault compatible with this open-source command-line tool just made sense.
Koofr Vault compatibility with rclone means that you can take an existing crypt from rclone and access it using Koofr Vault, or you can create a new Safe Box and access it from your desktop using rclone. It works both ways.
If you need a refresher on Koofr Vault, click over to our beginner's guide.
Importing a crypt configuration from rclone
First, let's look at how you can import an existing crypt remote from rclone to your Koofr Vault. You'll need to import the configuration data for the chosen remote - but first, you'll need to find it.
The easiest way to do this is to open the rclone.conf file and copy the configuration data from there. We can do this from the command-line to streamline the process.
On Windows, open the file in a text editor by entering the following path in cmd:
%APPDATA%/rclone/rclone.conf
On Mac, use the following command to open the file:
open ~/.config/rclone/rclone.conf
On Linux, open the file by entering the following command:
sensible-editor ~/.config/rclone/rclone.conf
In our example, we have a previously created crypt remote called encrypted which points to /My photos/Private photos in our Koofr account. Here's our rclone.conf:
To let Koofr Vault access this folder, we'll take the configuration data for encrypted and use it to create a new Safe Box.
Click on Show advanced settings to display the additional setup options. Input the configuration data in the rclone config text box. The format should be like the example above the text box.
Click on Fill to automatically populate the main form fields with deobfuscated data. Confirm by clicking on Create.
Once your Safe Box is created, Koofr Vault will display the Safe Box configuration. Click on Copy, then Continue.
Next, enter your crypt password, or Safe Key, to unlock the Safe Box and access the encrypted folder.
Accessing a Safe Box using rclone
Now, let's see how you can access a Safe Box you created in Koofr Vault using rclone.
We'll assume that you've already set up rclone and created a remote for your Koofr account.
Again, the easiest way to do this is through rclone.conf. Open the file in a text editor like above, then add the rclone config configuration data for your Safe Box from Koofr Vault.
After editing the file, make sure you save the changes you've made.
*Note: The default config data assumes your main Koofr remote is named 'koofr'. If you named your remote differently, then make sure to edit the location path (remote=your-remote-name:/path/to/safe-box).
You can check to see whether everything's been set up correctly by listing your remotes using either of the following:
rclone config
rclone listremotes
Use the ls or lsd commands to check the connection by listing the files or folders in the encrypted remote:
rclone lsd remote:
That's all there is to it! You could also set this up through the rclone config dialogue using the same process you would use to set up client-side encryption in rclone. However, we recommend using rclone.conf as it is much less likely for you to make a mistake somewhere along the way.
Note: You would also need to use the unobfuscated configuration data from your Safe Box to set it up as a rclone crypt correctly using rclone config.
Upload files from your computer to your Safe Box using rclone
If you want to easily upload files from your computer to your Safe Box, which the previously created crypt remote points to, enter the following command:
rclone copy pathtoyourfiles nameofcryptremote:
You will need to change some of the strings from the command:
- pathtoyourfiles is the path of the file or folder you want to upload to your Safe Box. If the file or folder name contains spaces, enclose the name in quotation marks (e.g., “Screenshot 2024”).
- nameofcryptremote is the name of the crypt remote you’ve created. In our case the name of the crypt remote is encrypted but if you named yours differently, adjust the command accordingly.
Note: make sure that you choose correct remote. It must be one of your crypt remotes (for example, in our case koofr is not a crypt remote). If you don't do this, an error will appear in your Koofr Vault, as you cannot upload encrypted files into an unencrypted folder.
Did this work for you? Have something to add? Join the Koofr community on Reddit and let us know!