macOS keychain troubles: stores empty credentials?

I’m trying to init the storage and get duplicacy to use the keychain to store and retrieve credentials.

1. init:

   % rm -rf .duplicacy/preferences 
   % ~/Downloads/duplicacy_osx_x64_3.2.0 -d init test storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy
   Reading the environment variable DUPLICACY_STORJ_KEY
   Enter the API access key: [snip]
   Reading the environment variable DUPLICACY_STORJ_PASSPHRASE
   Enter the passphrase: [snip]
   Chunk read levels: [1], write level: 1
   The storage 'storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy' has already been initialized
   Compression level: 100
   Average chunk size: 4194304
   Maximum chunk size: 16777216
   Minimum chunk size: 1048576
   Chunk seed: 6475706c6963616379
   Hash key: 6475706c6963616379
   ID key: 6475706c6963616379
   /Users/[snip]/Downloads/new-storj will be backed up to storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy with id test
   

   
   
2. Check right away:

   % ~/Downloads/duplicacy_osx_x64_3.2.0 -d list
   Storage set to storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy
   Reading the environment variable DUPLICACY_STORJ_KEY
   Failed to get the value from the keyring: keyring: Password not found
   Enter the API access key:
   

   
   
3. Looking at the keychain, there is a new entry at the right date, but data is missing:

   % security find-generic-password -a storj_key
   keychain: "/Users/[snip]/Library/Keychains/login.keychain-db"
   version: 512
   class: "genp"
   attributes:
       0x00000007 <blob>="duplicacy"
       0x00000008 <blob>=<NULL>
       "acct"<blob>="storj_key"
       "cdat"<timedate>=0x32303233313030313034343830395A00  "20231001044809Z\000"
       "crtr"<uint32>=<NULL>
       "cusi"<sint32>=<NULL>
       "desc"<blob>=<NULL>
       "gena"<blob>=<NULL>
       "icmt"<blob>=<NULL>
       "invi"<sint32>=<NULL>
       "mdat"<timedate>=0x32303233313030313034353131365A00  "20231001045116Z\000"
       "nega"<sint32>=<NULL>
       "prot"<blob>=<NULL>
       "scrp"<sint32>=<NULL>
       "svce"<blob>="duplicacy"
       "type"<uint32>=<NULL>
   

   
   
4. Duplicacy executable is from the GitHub:

   % codesign -vvv ~/Downloads/duplicacy_osx_x64_3.2.0
   /Users/[snip]/Downloads/duplicacy_osx_x64_3.2.0: valid on disk
   /Users/[snip]/Downloads/duplicacy_osx_x64_3.2.0: satisfies its Designated Requirement
   

   
   
5. I’m using released current version of macOS:

   % sw_vers
   ProductName:		macOS
   ProductVersion:		14.0
   BuildVersion:		23A344
   

I already had a bad experience trying to make duplicacy work with keyring on Linux (macOS’s cousin):

At the time I gave up and configured keys with write-only permission in the preferences file and, with the RSA key, no one could restore my backups if they had read access to the storage through the machine that makes the backups.

Following this topic here with interest…

Check /var/log/system.log. After you enter the correct credentials, there should be error messages there if the CLI fails to store them in keychain.

There is nothing logged in /var/log/system.log during the storage init. The keychain item gets created successfully, it’s just its password field is empty.

The init command does not save the password. Does it ask you for the password the second time you run list?

Why though? Init creates a keychain item, but is not supposed to save password? Why does it create a keychain item then?

But no, list also does not save the credentials:

 % ~/Downloads/duplicacy_osx_x64_3.2.0 -d list
Storage set to storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy
Reading the environment variable DUPLICACY_STORJ_KEY
Failed to get the value from the keyring: keyring: Password not found
Enter the API access key: [snip]
Reading the environment variable DUPLICACY_STORJ_PASSPHRASE
Failed to get the value from the keyring: keyring: Password not found
Enter the passphrase:[snip]
Chunk read levels: [1], write level: 1
Compression level: 100
Average chunk size: 4194304
Maximum chunk size: 16777216
Minimum chunk size: 1048576
Chunk seed: 6475706c6963616379
Hash key: 6475706c6963616379
ID key: 6475706c6963616379
id: test, revisions: [], tag: , showFiles: false, showChunks: false
Listing revisions for snapshot test

 % ~/Downloads/duplicacy_osx_x64_3.2.0 -d list
Storage set to storj://12EayRS2V1kEsWESU9QMRseFhdxYxKicsiFmxrsLZHeLUtdps3S@us1.storj.io:7777/duplicacy/duplicacy
Reading the environment variable DUPLICACY_STORJ_KEY
Failed to get the value from the keyring: keyring: Password not found
Enter the API access key:^C%

 % tail /var/log/system.log
Oct  2 18:42:24 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 18:52:30 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:00:45 obsidian awdd[523]: Diagnostics Report
Oct  2 19:02:34 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:13:04 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:23:27 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:29:39 obsidian login[43512]: USER_PROCESS: 43512 ttys000
Oct  2 19:33:32 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:43:43 obsidian syslogd[138]: ASL Sender Statistics
Oct  2 19:53:45 obsidian syslogd[138]: ASL Sender Statistics

Indeed, looking here: https://github.com/gilbertchen/duplicacy/blob/fd3bceae19c544f689afe36afcc45bda97903fd7/src/duplicacy_storage.go#L743C1-L759C22 duplicacy indeed does not save password for storj to keychain, unlike every single other backend does. Why?

I’ll fix this tomorrow and release a new CLI version.

This has been fixed in Release Duplicacy Command Line Version 3.2.2 · gilbertchen/duplicacy · GitHub. Thanks for find the source of the issue!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.