Encrypted Google Drive backup with rclone crypt (part 2)
This is a continuation of the first part, where I built a basic backup solution using local storage. Now I add another cloud provider and encryption.

# Dropbox: add an offsite target
To get an access token, I need to configure rclone locally because the flow needs a web browser. I did it with Docker:
docker run --rm -it \
-v ./config:/config/rclone \
-v ./data:/data \
--net=host \
rclone/rclone authorize "dropbox"
After getting the token, add new sections to rclone.conf:
[dropbox]
type = dropbox
token = {"access_token":"<...>"} # whole obtained string
[dropbox-crypt]
type = crypt
remote = dropbox:
filename_encryption = obfuscate
directory_name_encryption = false
password = <PASSWORD>
Important: Replace <PASSWORD> with a long unique password. rclone
helps with it.
# rclone: run encrypted backup
Now use the encrypted Dropbox remote to back up Google Drive data:
docker run --rm -it \
-v ./config:/config/rclone \
-v ./data:/data\
rclone/rclone --drive-shared-with-me \
copy google-drive:<SHARED FOLDER> dropbox-crypt:
# rclone: restore encrypted backup
To restore the encrypted backup, reverse the source and destination in the
rclone copy command:
docker run --rm -it \
-v ./config:/config/rclone \
-v ./data:/data \
rclone/rclone --drive-shared-with-me \
copy dropbox-crypt: google-drive:<SHARED FOLDER>
This decrypts and copies files back to Google Drive.
Note: Only properly encrypted files will be recovered.
# Verdict: encrypted, cheap, restorable
Dropbox gives the backup a second place to live. crypt keeps Dropbox from
seeing the plain files. The weak point stays boring: password quality. Long,
unique password. Stored properly.
Next boring task: regular restore tests. Then health checks and notifications.