I just ran the check command configured via Web UI and received the E-Mail Report as intended. As I am using RSA in my backup, I had to configure the passphrase in the check command Web UI job as well. Is there any way to obscure the password at least when sent to E-Mails? Ideally, when printed/logged everywhere.
As a workaround, you can specify the passphrase in the environment variables for webui, and duplicacy CLI shall inherit it; then you won’t have to specify it in the command line.
The rest of the credentials are already passed to the CLI via environment variables, so this won’t reduce security locally.
Thx for your response. I am using the Web Edition on my QNAP NAS, specifically duplicacy_web_qnap_x86_64_1.8.3.qpkg. Passing environment variables isn’t possible for such an environment out of the box imo.
However, thx to your post I came across a couple of guides about that topic. What I tried is to use Duplicacy’s set command with that rather odd approach:
# cd /share/CE_CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/repositories/localhost/all/.duplicacy
# ./../../../bin/duplicacy_linux_x64_3.2.3 set -encrypt -key rsa_passphrase -value '<password>'
# cat preferences
...
"keys": {
"rsa_passphrase": "my_plaintext_escaped_password"
},
...
Unfortunately, when I run the check command via Web UI it aborts with this message, immediately:
Enter the passphrase for /root/private.pem:2025-02-03 21:54:17.334 ERROR PASSWORD_READ Failed to read the password: EOF
exit status 100
And the file content will also be reset to the previous state w/o the password. This makes me doubt whether the Duplicacy QNAP Web UI Edition is supposed to be used via CLI at all. Maybe an app restart is also needed (tried both, anyway)?
Side notes:
- My password contains special characters. It seems to be properly escaped in the config files, though.
- A duplicacy password is also configured to encrypt the settings file itself.
- -encrypt doesn’t seem to do anything different. I don’t understand its purpose, also.
- As I said in my initial post: passing the passphrase as plain text via argument configured via Web UI does work.
These are temporary and overwritten by web ui. Changing them won’t work.
Qnap runs Linux. You can always define user-wide environment variables. I don’t know what launcher Qnap is using to start applications but ultimately they use system scheduler.
You can also try replacing duplicacy CLI executable with the shell script that will add the environment variable or an argument and exec an actual Duplicacy CLI.
You would need to prevent webui from updating Duplicacy CLI and thus overwriting your shell file. You can do this by setting cli_version in Duplicacy.json
I haven’t tried that so I’m not sure if webui verifies the hashes of the cli.
A crucial piece of information I wasn’t aware of. Would be good if I had known that upfront.
I tried to modify the dwe.sh and pass the environment variables there. Both via an export DUPLICACY_RSA_PASSPHRASE='password' and an env DUPLICACY_RSA_PASSPHRASE='password' prefix when it’s invoking the web ui binary. Shows the same error in the UI, though.
Also tried the binary replacement with an sh script and the same environment passing variants. No success.
I was able to verify the files are actually executed (e.g. add an exit invocation or when I forgot to chmod the script, which the logs actually revealed correctly with a permission denied.).
Passing a wrong password does also throw the same error. I’d assume it would otherwise show a password wrong error or something. But this looks like the password can’t be read at all (EOF).
I invoke the check option via Web UI with these options also: -key /root/private.pem -threads 8 and no global options set.
Perhaps the environment variable name shall contain the storage configuration name from the .duplicacy/preferences file, unless it’s “default”, which I guess it’s not.
Add “-d” to global flags to Duplicacy CLI – it shall also print in the logs which environment variables it is looking at.
Seems like you’re right. And I managed to make it work now with the explicit name. However, I have just one storage configured. And the configuration files I saw looked like my storage is also the default one. Where can I check it correctly?
Yesterday I tried the env stuff by editing the preferences file also with the explicit name but it got probably overwritten, thus it didn’t work in that case. Also I was confused about the “storage name”. I thought the name is b2://MYNAS. I double checked with some cli commands and they accepted this term. Also configured the environment variable with that name. However, the storage name seems to be just Duplicacy (at least for the env stuff to work).
Long story short: my script looks like this now, replacing the actual binary file which I renamed:
> cat /share/CE_CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/bin/duplicacy_linux_i386_3.2.3
#!/bin/sh
env DUPLICACY_DUPLICACY_RSA_PASSPHRASE='nope' /share/CE_CACHEDEV1_DATA/.qpkg/Duplicacy/.duplicacy-web/bin/duplicacy_linux_x64_3.2.3_bin "$@"
This is still not an ideal solution, but way better than before. Probably, it won’t survive app updates. Hopefully, it will at least survive NAS reboots. QNAP devices tend to delete stuff on reboot that is supposed to be “internal”
Thank you for your support @saspus
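
A variant of the wrapper from the post above, added here as an example and not code from the thread or from the Duplicacy project: it keeps the passphrase out of the script by reading it from a file that only its owner can read, and builds the variable name from the storage name as worked out in the thread. REAL_CLI, PASS_FILE and the permission check are assumptions for illustration; the name rule (upper-cased storage name, no prefix for "default") follows what the thread reports.

```sh
#!/bin/sh
# Added example: wrapper installed under the CLI file name the Web UI launches.
# All three values are assumptions for illustration; adjust them to your install.
REAL_CLI="${REAL_CLI:-/path/to/renamed/duplicacy_cli_bin}"   # placeholder path
PASS_FILE="${PASS_FILE:-/root/.duplicacy_rsa_passphrase}"    # hypothetical file
STORAGE_NAME="${STORAGE_NAME:-Duplicacy}"                    # name from the thread

# Variable name the CLI looks up: the storage name is upper-cased and embedded,
# except for the storage called "default".
passphrase_var() {
    if [ "$1" = "default" ]; then
        printf 'DUPLICACY_RSA_PASSPHRASE\n'
    else
        printf 'DUPLICACY_%s_RSA_PASSPHRASE\n' \
            "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
    fi
}

# Accept only a regular, non-symlinked file that group and others cannot access.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld "$1") in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

run_cli() {
    if ! secret_file_ok "$PASS_FILE"; then
        echo "wrapper: $PASS_FILE must be a regular file with mode 600 or 400" >&2
        return 1
    fi
    # IFS= and -r keep spaces, backslashes and other special characters intact.
    IFS= read -r secret < "$PASS_FILE" || [ -n "$secret" ] || return 1
    # export instead of an "env NAME=value" prefix: the secret never appears on
    # any process's command line.
    export "$(passphrase_var "$STORAGE_NAME")=$secret"
    exec "$REAL_CLI" "$@"
}

# Dispatch only when installed under a duplicacy_* name, as in the post above.
case ${0##*/} in
    duplicacy_*) run_cli "$@" ;;
esac
```

The passphrase file holds the passphrase on its first line and needs `chmod 600`; running the job with the `-d` global flag, as suggested earlier in the thread, shows which variable name the CLI actually looks up.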