Securely backup files to an online drive
Last update
2019-02-04
2019
02-04
«encrypted online backup»

We can easily accomplish this by using rclone on top of gocryptfs, just remember to:

  • do not loose the .gocryptfs.reverse.conf volume's settings file
  • disable online storage automatic file versioning to increase security

Note: in the future we could use rclone crypt but at the moment it is not the best option available.

Backup

1
2
3
4
5
6
7
8
# 1. setup the encrypted virtual fs
gocryptfs -init -reverse plain
# 2. move away volume settings
fusermount -u enc
mv plain/.gocryptfs.reverse.conf plain-gcfs.conf
# 3. remount and start the backup
gocryptfs -reverse -conf plain-gcfs.conf plain enc
rclone sync enc remote:/path/to/dest

Restore

Stable solution (requires double space):

1
2
3
4
5
6
7
8
# 1. temporary dump of the online drive
rclone sync remote:/path/to/backup enc
# 2. mount the unencrypted virtual fs
gocryptfs -reverse -conf plain-gcfs.conf enc plain
# 3. restore the backup
rsync -avi plain/ /path/to/restore/
# 4. umount the vfs
fusermount -u plain

Experimental solution via rclone mount:

1
2
3
4
5
6
7
8
9
# 1. temporary dump of the online drive
rclone mount remote:/path/to/backup enc
# 2. mount the unencrypted virtual fs
gocryptfs -conf plain-gcfs.conf -serialize_reads enc plain
# 3. restore the backup
rsync -avi plain/ /path/to/restore/
# 4. umount the virtual fs in backward order
fusermount -u plain
fusermount -u enc