After the enormous success of my previous post I thought it is time to start producing some tutorials. Each post will describe some component of the setup and hopefully each will have value on their own. In this post I will explain how to mount your Amazon Cloud Drive storage as a FUSE filesystem using acd_cli and how to read/upload encrypted files there.

As I described in my previous post, acd_cli does not support writing. If you have some files you want to put on your Amazon Cloud Drive, it’s not as simple as cp‘ing it from your machine into the directory of the acd_cli mount. Personally I have never came across a filesystem that handles writing to object storage perfectly anyway so this does not bother me too much and doesn’t affect our setup heavily.


Before we begins, the machine you’re trying to accomplish this setup on will require a few packages.

  • FUSE kernel module*
  • Encfs
  • acd_cli
  • An active internet connection (this should be obvious)

* If you’re trying to achieve this on a low cost VPS, be sure that either the server is not OpenVZ or the kernel module for FUSE is enabled by your host. This is an absolutely essential part of the setup.

Note: In this guide I will not cover the installation of any of these components (especially not the internet!). More will follow in the future and this page will be updated to reflect the installation notes.


Filesystem layout

This is the filesystem layout we will achieve in this post. acd-sorted and local-sorted should try and share directory structure.

During this post I will refer to some directories. These are:

  • /home/plex/.local-sorted/ - The encrypted files stored locally on your machine.
  • /home/plex/local-sorted/ - The encfs mountpoint of /home/plex/.local-sorted/ (the decrypted view).
  • /home/plex/.acd-sorted - The encrypted files stored on Amazon Cloud Drive and the encfs mountpoint.
  • /home/plex/acd-sorted - The encfs mountpoint of /home/plex/.acd-sorted/ (the decrypted view).

You can choose to swap out any of these directories for your own.

Local Encrypted Files

The first thing we want to do is get some encryption keys generated. This is as simple as mounting encfs for the first time, once this is done some encryption keys will be generated and stored in the encrypted directory (/home/plex/.local-sorted/). We want to copy that out once generated and store keep it safe.

To mount encfs we simply run:

encfs /home/plex/.local-sorted /home/plex/local-sorted

encfs will prompt you for your encryption settings (using the default is fine), and the password you wish to use. Be sure to also keep the password safe as it is essential for file decryption.

Once this has completed, any file you place in to /home/plex/local-sorted/ will be encrypted and appear at /home/plex/.local-sorted/.

To unmount the filesystem we have just created, use fusermount -u. This process is the same for unmounting any FUSE filesystem on Linux.

$ fusermount -u /home/plex/local-sorted

Now that the filesystem is unmounted, we can move the encryption key elsewhere. We will move this file to our home directory, the file is named .encfs6.xml.

$ mv /home/plex/.local-sorted/.encfs6.xml /home/plex/encfs.xml

Note: It’s absolutely essential that you back this file up. Be sure to keep it somewhere safe and backed up however keep it away from where you will store encrypted files (Amazon Cloud Drive).


Typically to remount an encfs filesystem, you would run the command you ran to initially create the encrypted directory, however as we have moved out the encryption key XML file we will need to reference this with an environment variable.

ENCFS6_CONFIG='/home/plex/encfs.xml' encfs /home/plex/.local-sorted /home/plex/local-sorted

You will be prompted for a password. This is the password you used initially to create the mount.

If you are not asked for a password, and are going through the security setup again - you have not defined the path to the encryption data file correctly.

Ensuring it Works

We can simple write a file to the decrypted mountpoint (/home/plex/local-sorted/) and see if an encryted file shows in the encrypted directory.

$ ls /home/plex/.local-sorted/ # This directory should be empty
$ touch /home/plex/local-sorted/test
$ ls /home/plex/.local-sorted/ # A file with a completely nonsense filename should now exist

Mounting Amazon Cloud Drive

The first time you use acd_cli you will need to generate an oauth_data file - this is stored at ~/.cache/acd_cli/oauth_data. To do this you will need to run:

$ acd_cli sync

On first run, acd_cli will redirect you to a browser to log in to Amazon Cloud Drive. acd_cli will need authorisation to read and write data on your drive, accept this. After authorising access you will be presented with a JSON file, save this to `~/.cache/acd_cli/oauth_data.

Now you should try and sync again.

$ acd_cli sync

If the output is “Done”, you’re good to proceed.

Note: If you are running a headless machine, you will still be able to authorise the acd_cli with a console based browser such as lynx.

Note: You should keep oauth_data safe and backed up also, however this file can be replaced if needed.

You can now proceed with mounting the acd_cli FUSE filesystem.

$ acd_cli mount /home/plex/.acd-sorted/

/home/plex/.acd-sorted/ will now have the files as they appear on Amazon Cloud Drive. Ideally in the future this will show nonsense files, files which you care about that have been encrypted.

Mounting encfs over acd_cli

We can now mount encfs over the acd_cli mount, to have something a little more meaningful.

ENCFS6_CONFIG='/home/plex/encfs.xml' encfs /home/plex/.acd-sorted /home/plex/acd-sorted

Note: This assumes that your encrypted files will be stored in the root directory of your Amazon Cloud Drive. It’s possible and absolutely normal to want to store your encrypted files in a subdirectory, to achieve this you will need to append the directory name to /home/plex/.acd_sorted.

Uploading Encrypted Files to Amazon

Since we can not write directly to Amazon Cloud Drive, we will need to use the command line upload tool. Luckily you can choose to upload an entire directory and acd_cli will skip over files which already exist on Amazon Cloud Drive, almost like rsync.

For this reason you should try and maintain the same directory structure on Amazon Cloud Drive as /home/plex/local-sorted/.

To upload your encrypted files:

acd_cli upload /home/plex/.local-sorted/* /

Note: Again, if you are not intending to upload to the root directory of Amazon Cloud Drive, append to /.

Hopefully that’s all! Your files should appear on /home/plex/acd-sorted/ after you run acd_cli sync.

Note: For your FUSE mount to show the most recent files, you will need to run acd_cli sync, this will update the local cache to the latest version as on Amazon.


Information on completing this setup with UnionFS-FUSE is now available here. By doing this you will ensure file structure consistency between Amazon Cloud Drive and your future uploads.