[Tutorial] One‑Click Encrypted USB Vault via VeraCrypt CLI – Secure Your Portable Data

Tutorials & Methods
, ,
1

[Tutorial] One‑Click Encrypted USB Vault via VeraCrypt CLI – Secure Your Portable Data

:megaphone: Introduction

Carrying sensitive files on a USB drive? Instead of relying on manual mounting GUIs, this CLI‑based script lets you create, mount, and unmount a VeraCrypt volume on any OS with a single command—perfect for ultra‑secure, on‑the‑go encryption.

  • Why it rocks:
    1. Fully automated – no more fumbling through menus.
    2. Cross‑platform – works on Windows, macOS, and Linux.
    3. Customizable – choose container size, password complexity, and encryption algorithm.
    4. Scriptable – integrate into your daily workflow or hotkey it.

:memo: Step‑by‑Step Guide

Step 1. :white_check_mark: Install VeraCrypt CLI

  • Windows: Download and install VeraCrypt, then add its install folder (e.g., C:\Program Files\VeraCrypt\) to your PATH system variable.
  • macOS/Linux:

bash

# macOS via Homebrew
brew install --cask veracrypt
# Linux (Debian/Ubuntu)
sudo apt-get install veracrypt

Step 2. :hammer_and_wrench: Create the Toggle Script

Cross‑Platform Shell Script (vault.sh)

  1. Create vault.sh alongside your USB’s root directory:

bash

#!/usr/bin/env bash
VOL_PATH="$(dirname "$0")/secure.vc"
MOUNT_POINT="$HOME/USBVault"
PASSWORD="YourStrongP@ssw0rd"
SIZE="100M"
if mount | grep -q "$MOUNT_POINT"; then
  echo "🔒 Unmounting vault..."
  veracrypt -d "$MOUNT_POINT"
  echo "✅ Vault unmounted."
else
  if [ ! -f "$VOL_PATH" ]; then
    echo "🛠️ Creating encrypted container..."
    veracrypt --text --create "$VOL_PATH" \
      --size "$SIZE" \
      --password "$PASSWORD" \
      --encryption AES \
      --hash SHA-512 \
      --filesystem exFAT \
      --quick
    echo "✅ Container created at $VOL_PATH."
  fi
  echo "🔑 Mounting vault..."
  mkdir -p "$MOUNT_POINT"
  veracrypt --text --mount "$VOL_PATH" "$MOUNT_POINT" \
    --password "$PASSWORD"
  echo "✅ Vault mounted at $MOUNT_POINT."
fi
  1. Make it executable and run:

bash

chmod +x vault.sh
./vault.sh

Step 3. :bullseye: Quick‑Access Shortcut

  • Windows: Wrap the above logic in a .bat file calling veracrypt.exe similarly, then create a desktop shortcut with “Run as administrator.”
  • macOS/Linux: Assign a keyboard shortcut in your system settings to run vault.sh whenever you insert your USB drive.

:magnifying_glass_tilted_left: Tips & Best Practices

  • Password Rotation: Edit the PASSWORD variable and re-create the container periodically.
  • Backup Header: Use veracrypt --text --backup-header to save recovery headers.
  • Auto‑Lock on Eject: Combine vault.sh with udev (Linux) or Automator (macOS) to auto‑unmount when the drive is removed.

Over to You!

let’s keep this thread buzzing!

Posted by: @JACK_DENIS

4 Likes