Password not stored in keyring on Ubuntu 18.04 using CLI

Hi,

I’ve been testing out Duplicacy CLI on Ubuntu 18.04, and am quite pleased with it. One thing I haven’t been able to figure out, though, is how to store the storage/encryption password in an encrypted form somewhere.

According to the guide (Passwords, credentials and environment variables), once I enter the password for the first time it should be stored in the keyring, but that doesn’t seem to happen: I either have to enter it each time, or add it to the preferences file (plain-text).

Testing with the Web GUI the password does get stored, so the mechanism itself seems to work.

Anyone have any ideas what the problem might be, or how to troubleshoot the issue?

Thanks!

P.S. Not sure if it makes any difference, but I’m using the KDE desktop - nothing related to Duplicacy is stored in the KDE wallet, nor are there any DUPLICACY_ environment variables.

Maybe these could be relevant:

Thanks for the reply!

I had seen those two posts, but I’m running Duplicacy on my desktop computer under my own user id, so this doesn’t seem to apply to my situation.

The password article specifically mentions the Gnome keyring, which I don’t have as I’m running KDE - could that be the problem?

On linux the CLI stores every password/credential in the Gnome keyring, so it is required.

The web GUI stores only the master password in the Gnome keyring. In case the Gnome keyring isn’t available, it will require you to enter the password on start. All other passwords/credentials are then encrypted by this master password and securely stored in the ~/.duplicacy-web/duplicacy.json file.

2 Likes

OK, clear, thanks for the info!

For anyone: Feel free to use the :heart: button on the posts that you found useful.

For the OP of any #support topic: you can mark the post that solved your issue by ticking the image box under the post. That of course may include your own post :slight_smile:

A quick update…

After (re)installing gnome-keyring

sudo apt install gnome-keyring

and reinitialising my Duplicacy repository my credentials were stored in the Gnome keyring, and I could manually run a backup from the command line without having to enter any credentials. However, attempting the same in a cron job, it was apparent the password wasn’t available there:

ERROR PASSWORD_READ Failed to read the password: EOF

After some investigation and lots of trial and error I managed to read the credentials from the keyring in the bash job executed by cron. In case someone is facing the same problem, here’s what I did (on Ubuntu 18.04 and KDE Plasma 5.12):

  1. Install secret-tool (which will allow access to the Gnome keyring from the command line):
    sudo apt install libsecret-tools

  2. Find your DBUS session address (which is needed by secret-tool runnning under cron):
    printenv DBUS_SESSION_BUS_ADDRESS
    In my case, the result is:
    unix:path=/run/user/1000/bus

  3. Create a bash job and schedule it using crontab:

#!/bin/sh

# Connect to DBUS session
export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1000/bus"

# Set Duplicacy environment variables
export DUPLICACY_PASSWORD=`/usr/bin/secret-tool lookup username password`

# Perform backup
cd /home/john/Documents/Duplicacy
/usr/local/bin/duplicacy -log backup -stats

Note: you can use the same ‘trick’ for other environment variables; for example, for Backblaze B2 storage:

export DUPLICACY_B2_ID=`secret-tool lookup username b2_id`
export DUPLICACY_B2_KEY=`secret-tool lookup username b2_key`

You can find the attribute and value for the secret-tool lookup in Seahorse (Gnome´s Passwords and Keys GUI):
20190612_11%3A42%3A24_b2_id%20-%20duplicacy

5 Likes

Congratulations for figuring it out and also thanks for telling us how you did it!