Exposure of private key passphrase

I noticed that all the options passed via the Web UI are being logged to .duplicacy-web/logs/duplicacy_web.log, and when restoring an RSA-encrypted backup the passphrase for the private key of course ends up in the log as well.

I can think of 2 ways to improve this:

  1. Mask the value passed to -key-passphrase (if present in the options)
  2. Add a Key Management section in the Web UI, where RSA keys can be registered. That would make it possible to select a registered RSA key from a dropdown on the Restore page, thus avoiding the need to paste the path to the key and its clear text passphrase in the Options field. NB: (1) would probably have to be implemented as well, since the command line still would have to be constructed the same way.

In any case, (2) would greatly simplify using RSA keys, since one would only need to bother with paths and passphrases once (when registering a key), reducing the risk of copy/paste errors during restore.
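Suggestion (1) sketched as an added example; this is not Duplicacy's own code. `RedactArgs`, `sensitiveFlags` and the sample command line are assumptions made for illustration, as is the set of accepted flag spellings (`-flag value`, `--flag value`, `-flag=value`).

```go
package main

import (
	"fmt"
	"strings"
)

// sensitiveFlags lists options whose values must never reach the log.
// Only -key-passphrase comes from the post; the map is a hypothetical
// extension point for other secrets.
var sensitiveFlags = map[string]bool{"key-passphrase": true}

const mask = "****"

// RedactArgs returns a copy of args that is safe to write to a log.
// The caller keeps using the original slice to run the command.
func RedactArgs(args []string) []string {
	out := make([]string, len(args))
	copy(out, args)
	for i := 0; i < len(out); i++ {
		name := strings.TrimLeft(out[i], "-")
		if name == out[i] { // no leading dash: not an option
			continue
		}
		if eq := strings.IndexByte(name, '='); eq >= 0 {
			// "-flag=value": keep dashes, name and '=', mask the rest.
			if sensitiveFlags[name[:eq]] {
				out[i] = out[i][:len(out[i])-len(name)+eq+1] + mask
			}
			continue
		}
		if sensitiveFlags[name] && i+1 < len(out) {
			out[i+1] = mask
			i++ // skip the value, even if it starts with a dash
		}
	}
	return out
}

func main() {
	// Constructed sample command line; path and passphrase are made up.
	args := []string{"restore", "-r", "1", "-key", "/keys/private.pem",
		"-key-passphrase", "correct horse"}
	fmt.Println(strings.Join(RedactArgs(args), " "))
}
```

Masking has to happen on the parsed argument list before the log line is formatted; redacting the already-joined string breaks on passphrases that contain spaces or quotes.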