dhy@ironhide: ~/site
dhy@ironhide:~/site$cat header.html
_____ _ _ _ _ | __ \| | | | | | | | | | | |_| | | | | | | | | _ | |_| | | |__| | | | | _ | |_____/|_| |_|_| |_| ~/dhy.tr — personal notes & technical writing
dhy@ironhide:~/site$ls -la *.md

Secure Data Storage with Google Drive + Rclone + Crypt

Why?

Storing personal documents, photos, or private files on the cloud can be both practical and secure.
However, services like Google Drive can index and analyze uploaded content. At this point, using rclone and crypt, it's possible to store our data encrypted.

In this post, I'll explain how to set up an encrypted personal data archive on Google Drive and how to use these files on our own computer like normal files.

Step 1: Install Rclone

Installing rclone on Linux is quite easy.

sudo apt install rclone -y     # Debian/Ubuntu
# or
sudo pacman -S rclone          # Arch Linux

Step 2: Create a Drive Remote

First, we open a remote that connects to our Google Drive account:

rclone config
# n -> new remote
# name: gdrive
# type: drive

We get an authorization code through the browser and paste it into the terminal.

Config example:

[gdrive]
type = drive
scope = drive
token = {"access_token": "***"}

Step 3: Add Crypt Remote

Now the real work: making files appear encrypted on Google's side.

rclone config
# n -> new remote
# name: gcrypt
# type: crypt
# remote: gdrive:/private-data

It will ask for a password, enter whatever you want. At the end of the config, it will look like this:

[gcrypt]
type = crypt
remote = gdrive:/private-data
password = ****
password2 = ****

Now on Google's side, file names and contents will be incomprehensible blobs, while on our side they'll appear decrypted.

Step 4: Mount Test

Let's manually mount and check:

mkdir -p /secure-data
rclone mount gcrypt: /secure-data --vfs-cache-mode full --allow-other --daemon
ls /secure-data

Here, our files will appear in decrypted form.

Step 5: Systemd Service

Let's create a unit file for automatic mounting when the system starts.

Contents of /etc/systemd/system/rclone-gcrypt.service:

[Unit]
Description=Rclone Mount - Google Drive (Crypt)
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
ExecStart=/usr/bin/rclone mount gcrypt: /secure-data   --allow-other   --dir-cache-time 72h   --vfs-cache-mode full   --vfs-cache-max-size 20G   --vfs-cache-max-age 168h   --buffer-size 32M   --poll-interval 1m   --umask 022
ExecStop=/bin/fusermount -u /secure-data
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

Let's enable it:

sudo systemctl daemon-reload
sudo systemctl enable --now rclone-gcrypt

Result

Now we're storing our personal data encrypted on Google Drive.
While file names and contents remain private on the cloud side, we can open and use them like normal files on our computer.
With this method, we both eliminate storage costs and protect our privacy.

dhy@ironhide:~/site$