CESNET · milkydan · Mar 13, 2026 · Mar 13, 2026 · Apr 9, 2026 · Apr 9, 2026
diff --git a/content/docs/object-storage-s3/meta.json b/content/docs/object-storage-s3/meta.json
@@ -16,6 +16,7 @@
     "boto3",
     "s3-features",
     "veeam-backup",
-    "synology"
+    "synology",
+    "rclone-encryption-module"
   ]
 }
diff --git a/content/docs/object-storage-s3/rclone-encryption-module.mdx b/content/docs/object-storage-s3/rclone-encryption-module.mdx
@@ -0,0 +1,113 @@
+---
+title: Rclone encryption utility
+---
+This application simplifies the use of rclone tool for transferring information from a Data Protection Officer (DPO) to an end user via S3 object storage. It uses encrypted configuration for rclone. The application consists of two components:
+
+- **rclone_config_dpo** – for the Data Protection Officer
+- **rclone_config** – for the end user
+
+The applications are available for download (Linux and Windows) at: [rclone-config-gui](https://github.com/CESNET/rclone-config-gui/actions)
+
+## Data Protection Officer utility
+
+The tool is not digitally signed. A warning from Microsoft Defender will be displayed.
+
+![](/img/data-care/rclone-encryption-module/01_ss.png)
+
+Click More info.
+
+![](/img/data-care/rclone-encryption-module/02_ss.png)
+
+Select Run anyway to continue.
+
+![](/img/data-care/rclone-encryption-module/11_spusteni.png)
+
+After launch, no configuration file is loaded by default.
+
+![](/img/data-care/rclone-encryption-module/12_new.png)
+
+In the File menu, you can create a new configuration file or open an existing one.
+
+![](/img/data-care/rclone-encryption-module/13_new_profile.png)
+
+When creating a new configuration file, you will be prompted to enter an S3 profile name. This name is used to logically separate individual S3 configurations.
+
+![](/img/data-care/rclone-encryption-module/15_w_empty.png)
+
+The main window allows you to enter the required parameters.
+
+![](/img/data-care/rclone-encryption-module/21_s3_ko.png)
+
+Enter the S3 access credentials. You can verify them using the Test button.
+A red “X” indicates that the connection to S3 has failed.
+
+![](/img/data-care/rclone-encryption-module/22_s3_ok.png)
+
+A green arrow indicates a successful connection test to the S3 storage.
+
+![](/img/data-care/rclone-encryption-module/31_bucket_n.png)
+
+Enter the name of the bucket that will be used for data transfer.
+Click Test Bucket. If the bucket is not accessible, you can select another one or create a new bucket in the following dialog.
+
+![](/img/data-care/rclone-encryption-module/32_select_bucket.png)
+
+Select an existing bucket or create a new one.
+
+![](/img/data-care/rclone-encryption-module/33_selected_bucket.png)
+
+<Callout type="warn" icon="⚠️">
+Do not use the “X” button in the top-right corner to close this dialog, as it will close the main application.
+</Callout>
+
+Select the newly created bucket from the list of available buckets.
+
+![](/img/data-care/rclone-encryption-module/34_test_sel_bucket_ok.png)
+
+The bucket test should now report OK.
+
+![](/img/data-care/rclone-encryption-module/41_save_enc.png)
+
+Generate the password and password2 using the Generate buttons. It is highly recommended to use passwords generated by the application.
+
+Enter the password used to encrypt the configuration file and click Save encrypted. The configuration file will be stored in encrypted form.
+
+<Callout type="info" emoji="ℹ️">
+All data within the application is stored in RAM only. All data written to disk is encrypted.
+</Callout>
+
+![](/img/data-care/rclone-encryption-module/51_reload_enc.png)
+
+After saving the encrypted configuration file, the Config Password will be required to load it again.
+
+![](/img/data-care/rclone-encryption-module/52_enc_export.png)
+
+At this point, the encrypted configuration file is ready. You can now specify an export password to generate configuration files for individual recipients. These configuration files are encrypted using the specified export password.
+
+## End user utility
+
+The tool is not digitally signed. A warning from Microsoft Defender will be displayed.
+
+![](/img/data-care/rclone-encryption-module/01_ss.png)
+
+Click More info.
+
+![](/img/data-care/rclone-encryption-module/02_ss.png)
+
+Confirm by selecting Run anyway.
+
+![](/img/data-care/rclone-encryption-module/71_open.png)
+
+Open the configuration file provided by the DPO. Enter the password supplied by the DPO.
+
+![](/img/data-care/rclone-encryption-module/72_open2.png)
+
+The application will load the available parameters from the configuration file. Enter your S3 access credentials and validate the configuration using the **Test S3** button.
+
+![](/img/data-care/rclone-encryption-module/73_s3_ok.png)
+
+Enter a new password to encrypt the configuration file. This password will be required when using rclone to access the data provided by the DPO.
+
+![](/img/data-care/rclone-encryption-module/75_save.png)
+
+You now have your own rclone configuration file.
diff --git a/public/img/data-care/rclone-encryption-module/01_ss.png b/public/img/data-care/rclone-encryption-module/01_ss.png
diff --git a/public/img/data-care/rclone-encryption-module/02_ss.png b/public/img/data-care/rclone-encryption-module/02_ss.png
diff --git a/public/img/data-care/rclone-encryption-module/11_spusteni.png b/public/img/data-care/rclone-encryption-module/11_spusteni.png
diff --git a/public/img/data-care/rclone-encryption-module/12_new.png b/public/img/data-care/rclone-encryption-module/12_new.png
diff --git a/public/img/data-care/rclone-encryption-module/13_new_profile.png b/public/img/data-care/rclone-encryption-module/13_new_profile.png
diff --git a/public/img/data-care/rclone-encryption-module/15_w_empty.png b/public/img/data-care/rclone-encryption-module/15_w_empty.png
diff --git a/public/img/data-care/rclone-encryption-module/21_s3_ko.png b/public/img/data-care/rclone-encryption-module/21_s3_ko.png
diff --git a/public/img/data-care/rclone-encryption-module/22_s3_ok.png b/public/img/data-care/rclone-encryption-module/22_s3_ok.png
diff --git a/public/img/data-care/rclone-encryption-module/31_bucket_n.png b/public/img/data-care/rclone-encryption-module/31_bucket_n.png
diff --git a/public/img/data-care/rclone-encryption-module/32_select_bucket.png b/public/img/data-care/rclone-encryption-module/32_select_bucket.png
diff --git a/public/img/data-care/rclone-encryption-module/33_selected_bucket.png b/public/img/data-care/rclone-encryption-module/33_selected_bucket.png
diff --git a/public/img/data-care/rclone-encryption-module/34_test_sel_bucket.png b/public/img/data-care/rclone-encryption-module/34_test_sel_bucket.png
diff --git a/public/img/data-care/rclone-encryption-module/34_test_sel_bucket_ok.png b/public/img/data-care/rclone-encryption-module/34_test_sel_bucket_ok.png
diff --git a/public/img/data-care/rclone-encryption-module/41_save_enc.png b/public/img/data-care/rclone-encryption-module/41_save_enc.png
diff --git a/public/img/data-care/rclone-encryption-module/51_reload_enc.png b/public/img/data-care/rclone-encryption-module/51_reload_enc.png
diff --git a/public/img/data-care/rclone-encryption-module/52_enc_export.png b/public/img/data-care/rclone-encryption-module/52_enc_export.png
diff --git a/public/img/data-care/rclone-encryption-module/71_open.png b/public/img/data-care/rclone-encryption-module/71_open.png
diff --git a/public/img/data-care/rclone-encryption-module/72_open2.png b/public/img/data-care/rclone-encryption-module/72_open2.png
diff --git a/public/img/data-care/rclone-encryption-module/73_s3_ok.png b/public/img/data-care/rclone-encryption-module/73_s3_ok.png
diff --git a/public/img/data-care/rclone-encryption-module/75_save.png b/public/img/data-care/rclone-encryption-module/75_save.png