My journey with secure cloud storage and why Rclone is awesome

2025-01-07

Hello and happy new year! I am a bit late to say that but whatever! Today I will be having a highly autistic rant about why Rclone is awesome and probably one of my new favorite CLI tools as well as my experiances with cloud storage.

Last week I was interested in setting up some cloud storage. I have always been concerned about data loss from any of my devices. I have physical backups of most things on external hard drives but not too long ago I had 2 of them fail on me at once so now im paranoid. Time to invest in cheap cloud storage.

The issue with cloud storage for me personally is from a place of security. Even if I used a trustworthy provider that isn’t going to sell my data like Google for example, Data leaks can still happen and I can’t dump all my data on to a cloud server in good faith knowing at any time it could all be leaked or sold off to some asshole. So basically, I needed some form of encryption.

There are a couple cloud providers out there that advertize using end to end encryption such as Proton Drive which I technically already have as I pay for Proton Mail. But feel free to call me paranoid but I will only feel safe putting my data on cloud storage if I can generate my own encryption keys and see the end to end encryption for myself! I have no problems with Proton but thats just how I am personally.

For a provider I did not go with Proton mainly because I only pay for their email plan so I only get 15 GB of storage and that is just not enough for me. I went with a Hetzner Storage Box. 1 TB of storage with them is about $3.50 which I am happy with. I also liked that the storage box is accessed with open standards like SFTP or WebDAV rather than their own web interface. This was nice although it didn’t solve my need for encryption.

The most well known tool for encrypting data on the cloud is probably Cryptomator. It is an open source application that allows you to create encrypted vaults that your data can live in. When you want to access the data in the vault you open Cryptomator, enter your vault password and it will mount a decrypted version of the files using FUSE. Cryptomator actually does not interface with any cloud providers or even connect to the internet at all. All it does it make encrypted vaults. What I tried to do was add my storage box to my file manager (Nautilus) and make a vault on the storage box which I would put all my data in. In theory this works but in practice it was extremely slow to copy over or download data from the storage box. I have no clue why this is but well it was a pretty clumsy feeling setup anyways. You could also just have a copy of the files you want in the cloud on your computer somewhere and copy the data to the cloud manually but not only was this a huge waste of space but felt even more clumsy than the setup before. So Cryptomator was out of the picture for me. Surely there is a tool out there that is easier to use than this.

This is where I discovered Rclone. It is an open source CLI tool for managing and syncing files on cloud storage. Its sort of like rsync but for the cloud. It supports over 70 cloud providers as well as open standards like SFTP and WebDAV. This on its own is great and all but what made me want to learn how to use it was seeing the documentation page for crypt. This is exactly what I needed! Using crypt, data uploaded to the cloud is encrypted on the fly, just like if you were uploading a file normally and when you are downloading files they are decrypted automatically. So when you view your cloud storage, all you will see if a garbled mess of encrypted data but through Rclone, what you will see are all your files decrypted. So with Rclone, you have end to end encrypted cloud storage even for providers that don’t do end to end encryption!

The only downside to Rclone initially which made me roll my eyes was that it was a CLI program. I thought I would be spending my weekend reading Rclone’s documentation and slamming my head against the keyboard to get this to work. That is how many CLI programs tend to be; designed for experts only and being a pain in the ass to use for the average user like me. Luckily, Rclone was very user friendly and easy to use! All I had to do to start was run rclone config and follow a pretty straight forward setup guide to make my first remote. I added my Hetzner Storage Box with SFTP. With my storage box set up in rclone for example if I wanted to copy over some files I could do something like rclone copy ~/Pictures/ hetznersb:Pictures/ and I would have my pictures folder copied over. Now I just need to add the encryption.

I was scared that things would get super complex with this part but it actually couldn’t be easier! All I had to do was run rclone config again and add the crypt remote. It will ask which remote path you want encryption on so I made a folder on the root of my storage box called ‘rclonecrypt’ where my encrypted files will live. From there it will ask some straight forward questions like setting a password for the encryption and if I want to encrypt file names. I named the crypt remote ‘hetznercrypt’. Now if I want to upload some files with encryption I could do for example rclone copy ~/Pictures/ hetznercrypt:Pictures and it would copy my files over with encryption to /rclonecrypt/Pictures/ on the remote! Now everything is set up but man, doing all of this stuff through a CLI program is pretty cumbersome. If only there was a solution…

Later on I learned about Rclone mount! It uses FUSE to mount a Rclone remote to the filesystem and it works with crypt remotes! To mount hetznercrypt to the filesystem all I had to do was run rclone mount --daemon hetznercrypt: /run/media/calciume/Hetzner Storage Box/. You can pick any mount point you want but that is the one I picked. It even shows up in Nautilus and everything! And in the background its all end to end encrypted but when its mounted you can’t even tell! It is just that seemless. So I am pretty happy now. Only thing missing is how to get this working on my phone.

I found an Android app called RSAF which fit my needs perfectly. It is not a file manager app but rather an app that works very similar to rclone mount. It mounts Rclone remotes to the filesystem, allowing it to show up in the native Android file manager. The setup for this was nearly non-existant. All I had to do was install the app, copy over my Rclone config file and import it into RSAF. RSAF will automatically import all the settings for my remotes and they will then appear in the native Android Files app. Now I can view my encrypted files with my phone and my journey is complete.

In conclusion: Rclone is incredible. Probably my favorite CLI tool and I have only used it for about 5 days. Hopefully me writing this article can help some people who have concerns about using cloud storage in this data obsessed world. If you made it here, thank you for reading! Hopefully my rambling made sense! If it didn’t, feel free to Send me an email or just reach out if you enjoyed it! I’ll find something new to obsessively ramble about soon.