Prevent API key from being saved

My understanding from this article is that:

The passwords will be stored when the backup command (or any other command apart from init or add ) is run for the first time.

This doesn’t seem to be the case as immediately after running the init command I can run duplicacy list without entering the API keys again. I only have to enter the storage password.

I then ran duplicacy set -no-save-password mentioned in the same article and then re-ran duplicacy list and not only did it it not prompt for the API key but it also didn’t prompt for the storage password.

As an extra step I ran duplicacy list -reset-passwords (with the preference of no-save-password set to true), this correctly prompted me for the API key and the storage password…but…if I run duplicacy list again it doesn’t prompt for either.

Any ideas how I can stop the API key and storage password from being remembered? For added security we only use temporary API keys to perform certain actions like prune and the fact that the old (now deleted) keys are being remembered is making this a fiddly process.

For reference I’m running on Windows and my storage backend is Backblaze.

You just need to remove the file .duplicacy/keyring. Since you already set -no-save-password this file should not be recreated when you enter any password.

Ok great, this works.

  1. init the repo.
  2. duplicacy set -no-save-password.
  3. Delete the .duplicacy/keyring file.

Now it asks for the API key (and storage password) every time.

Thanks @gchen :+1: