Proton Drive is an end-to-end encrypted Swiss vault for your files that protects your data.
This is an rclone backend for Proton Drive which supports the file transfer features of Proton Drive using the same client-side encryption.
Because Proton Drive doesn't publish its API documentation, this backend is implemented on a best-effort basis by reading the open-sourced client source code and observing the Proton Drive traffic in the browser.
NB This backend is currently in Beta. It is believed to be correct and all the integration tests pass. However, the Proton Drive protocol has evolved over time, and there may be accounts it is not compatible with. Please post on the rclone forum if you find an incompatibility.
Paths are specified as remote:path
Paths may be as deep as required, e.g. remote:directory/subdirectory.
Here is an example of how to make a remote called remote. First run:
rclone config
This will guide you through an interactive setup process:
No remotes found, make a new one?
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
[snip]
XX / Proton Drive
\ "protondrive"
[snip]
Storage> protondrive
User name
user> [email protected]
Password.
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank
y/g/n> y
Enter the password:
password:
Confirm the password:
password:
Option 2fa.
2FA code (if the account requires one)
Enter a value. Press Enter to leave empty.
2fa> 123456
Remote config
Configuration complete.
Options:
- type: protondrive
- user: [email protected]
- pass: *** ENCRYPTED ***
Keep this "remote" remote?
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
NOTE: The Proton Drive encryption keys need to have been already generated after a regular login via the browser, otherwise attempting to use the credentials in rclone will fail.
Once configured you can then use rclone like this:
List directories in top level of your Proton Drive
rclone lsd remote:
List all the files in your Proton Drive
rclone ls remote:
To copy a local directory to a Proton Drive directory called backup
rclone copy /home/source remote:backup
Proton Drive Bridge does not support updating modification times yet.
The SHA1 hash algorithm is supported.
Invalid UTF-8 bytes will be replaced, and leading and trailing spaces will be removed (code reference)
Proton Drive cannot have two files with exactly the same name and path. If a conflict occurs, depending on the advanced config, the file might or might not be overwritten.
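As an added example (not code from rclone or Proton-API-Bridge), the Go sketch below pre-checks a set of local paths for names that become identical once invalid UTF-8 is replaced and surrounding spaces are removed, since such files would then fall under the same-name-and-path rule above. It assumes U+FFFD as the replacement character and trimming of ASCII spaces only; `normalizeName`, `findCollisions` and the sample paths are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample: relative paths as they might exist on a local disk.
var samplePaths = []string{
	"docs/report.txt",
	"docs/ report.txt",   // leading space
	"docs/report.txt ",   // trailing space
	"photos/caf\xe9.jpg", // Latin-1 byte, invalid UTF-8
	"photos/caf\xe8.jpg", // a different invalid byte
	"photos/café.jpg",    // valid UTF-8, unaffected
	"notes.md",
}

// normalizeName approximates the renaming described above. Assumption: the
// backend's exact replacement character and trimmed character set may differ.
func normalizeName(name string) string {
	return strings.Trim(strings.ToValidUTF8(name, "\uFFFD"), " ")
}

// findCollisions normalizes every component of each slash-separated path and
// returns only the remote paths that more than one source path maps to.
func findCollisions(paths []string) map[string][]string {
	groups := make(map[string][]string)
	for _, p := range paths {
		parts := strings.Split(p, "/")
		for i, part := range parts {
			parts[i] = normalizeName(part)
		}
		key := strings.Join(parts, "/")
		groups[key] = append(groups[key], p)
	}
	for key, srcs := range groups {
		if len(srcs) < 2 {
			delete(groups, key) // unique after normalization: no conflict
		} else {
			sort.Strings(srcs) // stable order for reporting
		}
	}
	return groups
}

func main() {
	for remote, srcs := range findCollisions(samplePaths) {
		fmt.Printf("%q <- %q\n", remote, srcs)
	}
}
```

Running a check like this before `rclone copy` shows which local files would compete for one remote name, so they can be renamed rather than left to the overwrite behaviour of the advanced config.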
Please set your mailbox password in the advanced config section.
The cache is currently built for the case where rclone is the only instance performing operations on the mount point. The event system, which is the Proton API system that provides visibility of what has changed on the drive, is yet to be implemented, so updates from other clients won't be reflected in the cache. Thus, if concurrent clients access the same mount point, the cache may serve stale data.
Here are the Standard options specific to protondrive (Proton Drive).
The username of your proton account
Properties:
The password of your proton account.
NB Input to this must be obscured - see rclone obscure.
Properties:
The 2FA code
The value can also be provided with --protondrive-2fa=000000
The 2FA code of your proton drive account if the account is set up with two-factor authentication
Properties:
Here are the Advanced options specific to protondrive (Proton Drive).
The mailbox password of your two-password proton account.
For more information regarding the mailbox password, please check the following official knowledge base article: https://proton.me/support/the-difference-between-the-mailbox-password-and-login-password
NB Input to this must be obscured - see rclone obscure.
Properties:
Client uid key (internal use only)
Properties:
Client access token key (internal use only)
Properties:
Client refresh token key (internal use only)
Properties:
Client salted key pass key (internal use only)
Properties:
The encoding for the backend.
See the encoding section in the overview for more info.
Properties:
Return the file size before encryption
The size of the encrypted file will be different from (bigger than) the original file size. Unless there is a reason to return the file size after encryption, set this option to true, because features like Open(), which need to be supplied with the original content size, will otherwise fail to operate properly.
Properties:
The app version string
The app version string indicates the client that is currently performing the API request. This information is required and will be sent with every API request.
Properties:
Create a new revision when filename conflict is detected
When a file upload is cancelled or failed before completion, a draft will be created and the subsequent upload of the same file to the same location will be reported as a conflict.
The value can also be set by --protondrive-replace-existing-draft=true
If the option is set to true, the draft will be replaced and then the upload operation will restart. If there are other clients also uploading to the same file location at the same time, the behavior is currently unknown. The option needs to be set to true for the integration tests. If the option is set to false, an error "a draft exist - usually this means a file is being uploaded at another client, or, there was a failed upload attempt" will be returned, and no upload will happen.
Properties:
Caches the files and folders metadata to reduce API calls
Notice: If you are mounting ProtonDrive as a VFS, please disable this feature, as the current implementation doesn't update or clear the cache when there are external changes.
The files and folders on ProtonDrive are represented as links with keyrings, which can be cached to improve performance and be friendly to the API server.
The cache is currently built for the case where rclone is the only instance performing operations on the mount point. The event system, which is the Proton API system that provides visibility of what has changed on the drive, is yet to be implemented, so updates from other clients won't be reflected in the cache. Thus, if concurrent clients access the same mount point, the cache may serve stale data.
Properties:
Description of the remote.
Properties:
This backend uses the Proton-API-Bridge, which is based on go-proton-api, a fork of the official repo.
There is no official API documentation available from Proton Drive. But, thanks to Proton open sourcing proton-go-api and the web, iOS, and Android client codebases, we don't need to completely reverse engineer the APIs by observing the web client traffic!
proton-go-api provides the basic building blocks of API calls and error handling, such as 429 exponential back-off, but it is pretty much just a barebone interface to the Proton API. For example, the encryption and decryption of the Proton Drive file are not provided in this library.
The Proton-API-Bridge attempts to bridge the gap, so rclone can be built on top of this quickly. This codebase handles the intricate tasks before and after calling Proton APIs, particularly the complex encryption scheme, allowing developers to implement features for other software on top of this codebase. There are likely quite a few errors in this library, as there isn't official documentation available.