Passwords, credentials and environment variables

keyring
config
preferences

#1

Duplicacy will attempt to retrieve in three ways the storage password and the storage-specific access tokens/keys.

  • If a secret vault service is available, Duplicacy will store passwords/keys entered by the user in such a secret vault and later retrieve them when needed. On Mac OS X it is Keychain, and on Linux it is gnome-keyring. On Windows the passwords/keys are encrypted and decrypted by the Data Protection API, and encrypted passwords/keys are stored in the file .duplicacy/keyring. However, if the -no-save-password option is specified for the storage, then Duplicacy will not save passwords this way.
  • If an environment variable for a password is provided, Duplicacy will always take it. The table below shows the name of the environment variable for each kind of password. Note that if the storage is not the default one, the storage name will be included in the name of the environment variable (in uppercase). For example, if your storage name is b2, then the environment variable should be named DUPLICACY_B2_PASSWORD.
  • If a matching key and its value are saved to the preference file (.duplicacy/preferences) by the set command, the value will be used as the password. The last column (key in preferences) in the table below (use the bottom bar to scroll the table to the right) lists the name of the preference key for each type of password.

password type environment variable (default storage) environment variable (non-default storage in uppercase) key in preferences
storage password DUPLICACY_PASSWORD DUPLICACY_<STORAGENAME>_PASSWORD password
sftp password DUPLICACY_SSH_PASSWORD DUPLICACY_<STORAGENAME>_SSH_PASSWORD ssh_password
sftp key file DUPLICACY_SSH_KEY_FILE DUPLICACY_<STORAGENAME>_SSH_KEY_FILE ssh_key_file
Dropbox Token DUPLICACY_DROPBOX_TOKEN DUPLICACY_<STORAGENAME>>_DROPBOX_TOKEN dropbox_token
S3 Access ID DUPLICACY_S3_ID DUPLICACY_<STORAGENAME>_S3_ID s3_id
S3 Secret Key DUPLICACY_S3_SECRET DUPLICACY_<STORAGENAME>_S3_SECRET s3_secret
BackBlaze Account ID DUPLICACY_B2_ID DUPLICACY_<STORAGENAME>_B2_ID b2_id
Backblaze Application Key DUPLICACY_B2_KEY DUPLICACY_<STORAGENAME>_B2_KEY b2_key
Azure Access Key DUPLICACY_AZURE_KEY DUPLICACY_<STORAGENAME>_AZURE_KEY azure_key
Google Drive Token File DUPLICACY_GCD_TOKEN DUPLICACY_<STORAGENAME>_GCD_TOKEN gcd_token
Google Cloud Storage Token File DUPLICACY_GCS_TOKEN DUPLICACY_<STORAGENAME>_GCS_TOKEN gcs_token
Microsoft OneDrive Token File DUPLICACY_ONE_TOKEN DUPLICACY_<STORAGENAME>_ONE_TOKEN one_token
Hubic Token File DUPLICACY_HUBIC_TOKEN DUPLICACY_<STORAGENAME>_HUBIC_TOKEN hubic_token
Wasabi Key DUPLICACY_WASABI_KEY DUPLICACY_<STORAGENAME>_WASABI_KEY wasabi_key
Wasabi Secret DUPLICACY_WASABI_SECRET DUPLICACY_<STORAGENAME>_WASABI_SECRET wasabi_secret
webdav password DUPLICACY_WEBDAV_PASSWORD DUPLICACY_<STORAGENAME>_WEBDAV_PASSWORD webdav_password

:bulb: Note that the passwords stored in the environment variable and the preference need to be in plaintext and thus are insecure and should be avoided whenever possible.

:bulb: Note that you must use the wasabi environment variables instead of the s3 environment variables if you are using the wasabi storage URL.

:bulb: The passwords will be stored when the backup command (or any other command apart from init or add) is run for the first time. This means you need to make sure that you do that first run interactively, i.e. not via a script (unless it passes on the password prompts, of course).

Saving credentials to Duplicacy config file

Use one of the above environment variables, but lowercase and remove duplicacy_

Example: duplicacy set -key b2_id -value 6fdd6eeeefff

or: duplicacy set -storage mybackupstorage -key b2_id -value 6fdd6eeeefff

or: duplicacy set -key b2_id -value “passphrase with spaces”

Changing passwords

To change passwords that have been stored in the keychain/keyring, use the list command with the -reset-passwords option.


How to start from scratch (CLI)?
List command details
Increase the post width
Backups on Cron Job
Set command details
Duplicacy User Guide
Issue with storage password as script environment variable
Duplicacy Init Setup SFTP Syntax Error
B2 credentials somehow no longer work on new Mac install
Issue with storage password as script environment variable
#2

But how shall I store the passwords to a keyring (on Windows)?


#3

The file containing passwords is called keyring and is located in the folder .duplicacy in each of your repositories.

Is this what you mean, as i don’t quite understand the question :woozy_face:


#4

I am asking how to get passwords etc stored there? I initialized a repository and storage, but the encryption password was not put on that file.

Answering to myself. duplicacy saves automatically the information (passwords, one_token, B2 keys, etc) to the keyring when you run backup for the first time and enter the information manually.