Encrypted Google Drive backup with rclone crypt (part 2)

This is a continuation of the first part, where I built a basic backup solution using local storage. Now I add another cloud provider and encryption.

# Dropbox: add an offsite target

To obtain an access token, I need to configure rclone locally (because of web browser). Here’s how I did it using Docker:

docker run --rm -it \
    -v ./config:/config/rclone \
    -v ./data:/data \
    --net=host \
    rclone/rclone authorize "dropbox"

After obtaining the token, add new sections to rclone.conf:

[dropbox]
type = dropbox
token = {"access_token":"<...>"}  # whole obtained string

[dropbox-crypt]
type = crypt
remote = dropbox:
filename_encryption = obfuscate
directory_name_encryption = false
password = <PASSWORD>

Important: Remember to replace <PASSWORD> with a strong, secure password, rclone helps with it.

# rclone: run encrypted backup

Now use the encrypted Dropbox remote to back up Google Drive data:

docker run --rm -it \
    -v ./config:/config/rclone \
    -v ./data:/data\
    rclone/rclone --drive-shared-with-me \
    copy google-drive:<SHARED FOLDER> dropbox-crypt:

# rclone: restore encrypted backup

To restore the encrypted backup, reverse the source and destination in the rclone copy command:

docker run --rm -it \
    -v ./config:/config/rclone \
    -v ./data:/data \
    rclone/rclone --drive-shared-with-me \
    copy dropbox-crypt: google-drive:<SHARED FOLDER>

This decrypts and copies files back to Google Drive.

Note: Only properly encrypted files will be recovered.

# Verdict: encrypted, cheap, restorable

By adding Dropbox as a secondary backup destination and encrypting data, this setup improves redundancy for my Google Drive backup. Extra layer against data loss or unauthorized access. The weak point stays boring: password quality. Strong, unique password. Stored properly.

Next boring task: regular restore tests. Then health checks and notifications.