Easy folder data encryption in Fish Shell using GoCryptFS.
Install gocryptfs:
Open a terminal and install gocryptfs.
Arch: sudo pacman -S gocryptfs
Debian/Ubuntu: sudo apt install gocryptfs
Likely available via dnf in Red Hat based distributions, but I have not checked.
Note: Install fuse if not already installed.
Create folders:
Do this under your home directory, i.e., /home/your_user_name.
.cipher # Folder holding the encryption stuffs. Do not place this directory in an online storage directory.
Private # Folder to store your private data. Private can live in an online storage folder, like the Dropbox folder, to encrypt data being moved around the cloud.
Note: Use any folder name you prefer instead of Private. I hide the cipher folder to keep it out of my way, but it does not need to be hidden.
mkdir .cipher Private
Initialize and save the master key for safe storage in case you get locked out. Keep your key on a USB away from your system storage and lock it away.
Do this under your home directory root, i.e., /home/your_user_name.
gocryptfs -init .cipher
You will be asked for a password. You could store the password using pass for convenience, and create an alias for it as well, or put it in whatever password vault you use.
Mount and save or retrieve your private data.
gocryptfs .cipher Private
Create Fish aliases to manage encrypted data.
In Fish Shell issue the following commands to create aliases.
Note: If you are in the Private folder when issuing cpd, you will receive a resource error. If you issue a pd while in the Private folder, you will need to move out then back in to the folder to see your files.
pd = Open Private Data. Can be anything you want, just make sure you do not have a system command that matches.
alias --save pd="gocryptfs ~/.cipher ~/Private"
cpd = Close Private Data. Same as above, can be whatever you like.
alias --save cpd="umount ~/Private"
Note: You can do “cd ~ | umount ~/Private” in the alias to guarantee you are not using the resource, but you may wish to edit the alias file in .config/fish/functions and add a condition so you don’t get moved to home if running the alias from other directories.
Note: You can use -i when issuing the gocryptfs command to unmount the encrypted folder after a period of time automatically. Reboot will automatically unmount the encrypted data.
You can also create aliases in other shells, but the process would be similar.
Now you can type pd and cd into Private to access your encrypted files.
