Duplicacy Web: Backup requires gcd-token.json file, instead of embedding and encrypting token

When I set up my backend storage with Google Drive I downloaded the gcd-token.json file from Google and put it in a temporary directory on my NAS. Then I pointed Duplicacy Web to this file. I was fully expecting that it would read and interpret the content of the file and store it encrypted inside the container (and indeed within the container there appears to be a GCD related configuration).

However after I deleted the gcd-token.json file, my backups started failing and i had to put that file in a more permanent location, delete and recreate the the Duplicacy storage.

It would be great, if Duplicacy would actually embed that file into its own configuration, ideally encrypted, like the rest of the credentials. And if other storage backends need a similar credential file, it would be a good behavior to have with all credentials.

This needs to be fixed in the CLI. It is the CLI that expects the plaintext token file and the web GUI is just passing the file path to the CLI. Maybe add an option to the CLI to pass the token directly?

Hi @gchen, thanks so much for looking into this.

  • Yes, a CLI parameter would be one option. What I don’t know, is how many other cloud backends need some sort of token and how universal you can make such a parameter. You probably wouldn’t want to have a dozen extra parameters to cover all possible cloud backends that need this. Again, just throwing this out there, as I have no idea, if this concern is based on reality.

  • Another option - though somewhat less secure - is to generate the gcd-token.json on the fly before each command involving such a backend and then deleting it afterwards. That wouldn’t require any changes to the CLI client, but also would make debugging more difficult, if there were any problems with the token. And the logic in the Web-Client would be a bit more tricky (what token file(s) do I need to generate/delete at what point)?

And (just letting my destructive imagination rund wild): What if you copy from GCD account A to GCD account B? Then you need two GCD tokens. But perhaps this would already currently be a problem?

So, yes, probably a CLI parameter, if it doesn’t muddy up things too badly.

I just ran into this myself with OneDrive (Business). I did an “add” of an odb:// storage location to an existing backup. I had just downloaded the odb-token.json and when prompted I entered the path to my Downloads folder. Now, every time I run a backup the file actually re-appears in the Downloads folder. However, when I try to run other commands against the storage (such as “list”) I get an error about the missing file:

Storage set to odb://CloudOnly/duplicacy/test

Failed to load the OneDrive storage at odb://CloudOnly/duplicacy/test: open /Users/user/Downloads/odb-token.json: no such file or directory

I’m glad I found this before adding a bunch of new backups to the storage, but does this mean I have to start over if I don’t want the token to exist in my Downloads folder forever?

macOS Catalina
Duplicacy 2.7.0
RSA encryption enabled
OneDrive Business

For anyone else that ends up here, I figured out that I can set a key/value pair with the file path and most things pick it up (so far, “duplicacy info …” is the exception and apparently by design).

Example:

duplicacy set -key odb_token -value </path/to/odb-token.json> -storage <storage path in question>

It would still be nice if the JSON could be embedded in preferences, seeing as we have to keep the file around in plain-text form anyway.

I don’t think you can rely on this working for too long as I believe the Web Edition will recreate the preferences file from the duplicacy.json where those settings are saved for executing the CLI…

Thus if you’re working with the Web Edition, I think the best method would be to move the odb-token.json to where you want it to be and then remove the storage and re-add it with the same name as before. This shouldn’t upset any existing backups or stats.

Good to know, thanks. I’m currently only using the CLI edition but I’ll make a note.

Aha! No worries, I peaked the title of this thread and assumed it was about the Web version. You’re all good. :slightly_smiling_face: