Password/key Management on MacOS (CLI)

I’m new to Duplicacy and my command line skills are very weak, but I’ve been tinkering in the unix terminal since the launch of the OS X beta so many years ago, so I thought I’d try the Duplicacy CLI. have it up and running well to both a local storage and to OneDrive Busines. b

But I think I’ve either made a mistake or run into a couple of bugs when it comes to the MacOS keychain and credentials. Hoping someone can help me figure out which it is.

Problem 1: initializing second backup (with new storage and password) erases first password in keychain.

  1. If I initialize a backup from repo1 to storage1 it will ask me for a password and then save that to my keychain. No problem.

  2. If I then create a new repo, repo2, and initialize a backup to storage2, it will ask me for a pssword and save it to my keychain, but this will wipe out my original saved password from storage1.

Perhaps this is how things are supposed to work, but as it stands I can’t see how I can save multiple storage backup passwords to the keychain.

Problem 2: Duplicacy tries but Fails to save odb token to keychain.
If I init a backup to a odb storage it asks me for the path to the token. When I give it the path it saves two items to the keychain:

  • The first is a “one_token” (that’s the “account type” in keychain) and the password field is completed with the path.
  • The second is an “odb_token” and the password field is blank.

If I try to run the backup again, it always asks for the path to the token.

I can fix the problem by opening the odb_token keychain item and manually saving the path there, but this seems like a bug. Right?

This second issue may be related to my earlier failure to try to save the token path to the settings file. I was able to save a “one_token” key, but that was never read when I tried to run the backup. The page that lists all the info on passwords and credentials does not include the key “odb_key.”

You can initialize the second storage with a storage name using the -storage-name option.

By default, a storage initialized without the -storage-name option is named default. When a storage is named default the storage name isn’t added to the name of the password (or the environment variable). So if you give second storage a storage name the password will be saved to keychain under a different name.

This is a bug. I’ll fix it. A workaround is to set the environment variable (run duplicacy -d list to show the number of the environment variable that Duplicacy is reading the password from). Or use the set command to save the token file path to the preferences file.

Thank you!

Answer 1 makes perfect sense and is very clear. Glad 2 wasn’t the result of my own confusion.