Encryption and Security Cheatsheet
This cheatsheet condenses the security module into quick operational decisions for crypt remote setup, secret handling, and key lifecycle controls.
07-encryption-and-security/
├── crypt-remotes-and-encrypted-layouts/
│   ├── setup/
│   ├── layouts/
│   └── restore/
├── credential-hardening-and-config-secrets/
│   ├── permissions/
│   ├── secret-management/
│   └── ci-secrets/
└── least-privilege-and-key-rotation/
    ├── permission-scopes/
    ├── rotation/
    └── audit/
Quick Matrix
| Area | Core control | Practical default |
|---|---|---|
| Encryption | Crypt remote | Dedicated encrypted prefix |
| Config hardening | Permissions | Config under /etc/rclone, file mode 600 |
| CI secrets | Injection | Vault-backed ephemeral secrets |
| Privilege model | Scope by job | Read-only verify, delete only where needed |
| Rotation | Runbook | Stage, test, promote, revoke |
Safe Baseline
rclone sync /srv/data crypt-prod:daily/data \
--config /etc/rclone/rclone.conf \
--dry-run -vv
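
A preflight gate for the baseline command above, checking two defaults from the Quick Matrix: the config file is mode 600 and the sync destination is a crypt remote. This is an added example, not part of the original cheatsheet or of rclone itself; the function names `file_mode`, `remote_type` and `preflight` are hypothetical, and it assumes a plaintext (not password-encrypted) INI-format rclone.conf.

```shell
#!/usr/bin/env bash
# Added example: refuse to sync unless the config is locked down and the
# destination remote is declared as type "crypt".
# Assumption: rclone.conf is plaintext INI ([remote] sections, "type = ..." keys).

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the "type" value of remote $2 as declared in config file $1.
remote_type() {
    awk -v want="[$2]" '
        /^\[.*\]$/ { in_sec = ($0 == want); next }
        in_sec && /^[ \t]*type[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Return 0 only if the config is mode 600 and the destination remote is crypt.
# Args: $1 = config path, $2 = destination such as crypt-prod:daily/data
preflight() {
    local conf="$1" remote="${2%%:*}" mode rtype
    [ -f "$conf" ] || { echo "FAIL: $conf not found" >&2; return 1; }
    mode=$(file_mode "$conf")
    [ "$mode" = "600" ] || { echo "FAIL: $conf is mode $mode, want 600" >&2; return 1; }
    rtype=$(remote_type "$conf" "$remote")
    [ "$rtype" = "crypt" ] || {
        echo "FAIL: remote '$remote' has type '${rtype:-none}', want crypt" >&2
        return 1
    }
    echo "OK: $conf is 600 and $remote is a crypt remote"
}

# Usage (not executed here):
#   preflight /etc/rclone/rclone.conf crypt-prod:daily/data &&
#     rclone sync /srv/data crypt-prod:daily/data \
#       --config /etc/rclone/rclone.conf --dry-run -vv
```

The gate catches the two mistakes that silently defeat the matrix defaults: a world-readable config and a job pointed at the underlying unencrypted remote instead of its crypt wrapper.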
Examples with Output
1. Example 1
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 1)
Would transfer 50 files
2. Example 2
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 2)
Would transfer 55 files
3. Example 3
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 3)
Would transfer 60 files
4. Example 4
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 4)
Would transfer 65 files
5. Example 5
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 5)
Would transfer 70 files
6. Example 6
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 6)
Would transfer 75 files
7. Example 7
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 7)
Would transfer 80 files
8. Example 8
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 8)
Would transfer 85 files
9. Example 9
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 9)
Would transfer 90 files
10. Example 10
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 10)
Would transfer 95 files
11. Example 11
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 11)
Would transfer 100 files
12. Example 12
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 12)
Would transfer 105 files
13. Example 13
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 13)
Would transfer 110 files
14. Example 14
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 14)
Would transfer 115 files
15. Example 15
Input command:
rclone sync /srv/sample crypt-prod:daily/sample --dry-run -vv
Expected output:
NOTICE: profile applied (example 15)
Would transfer 120 files