Best practice for different storage passwords


I need your thoughts :wink:


  1. I will place 3 backup PCs (duplicacy, encrypted) on different locations.
  2. In each location several devices will backup to the local backup PC.
  3. I want to rsync the 3 backup PCs in order to have (online) offsite backups of all 3 backup-pc. So I need to have the same chunk public key and have to be bit-identical. (The topic pruning is not relevant for the use case, backup space is cheap)
  4. Each backup-PC shall not be able see directory structure (metadata) of the (rsynced) backups of the other backup PCs, so the storage key for metadata needs to be different per backup PC (I suppose).
  5. I, as the chief, :wink: have all keys / passwords.


  1. As far as I understand, the key for metadata is stored in the file config, so I must not rsync the config file. It needs to be different on each backup PC (storage).

  2. Can I copy the config file and change the password? But this would not change the crypt key for metadate would it?

8 Or do I have to use the command “add” and the option “-bit-identical” in order to generate the two further storages? Do I have to use the command “add” despite of the fact that each repository is backed up just to one backup PC (storage)

  1. Can i remove the added storage (anti-add command?) for the repository afterwords, as far as it will be backed up only to one (its default) storage? Or is there another way to generate a bit identical config file with a new repository password?

  2. The password I use for the backup command is per storage and is identical for all repositories which backup to this storage, right?

Maybe this will get into the wiki, which I searched but did not understand everything.