Schedule Copy Command & RSA Private key Password stored in plaintext

Solverz · 27 June 2021 08:14

I understand that I can to set up a scheduled copy in the Web UI version from Storage A to Storage B.

If Storage A is encrypted by a RSA Public key, I need to specify the private key location using -key and encryption password using -key-passphrase so that Storage A can be decrypted and copied to Storage B.

“The -key and -key-passphrase options are needed if the source storage is encrypted by an RSA key.”

However, this then stores the encryption password in plaintext in the duplicacy.json file. Now I understand credentials are stored in an encrypted form somewhere, so is there a way that the -key-passphrase value can somehow be stored in an ecnrypted form also and not in plaintext?

gchen · 1 July 2021 21:02

You can run the CLI manually, which will ask you for the passphrase and then save it in the keyring/keychain.

To do that, just run the following commands in a terminal:

cd ~/.duplicacy-web/repositories/localhost/all
~/.duplicacy-web/bin/duplicacy_osx_x64_2.7.2 copy -from source -to destination

After that, the web GUI should be able to retrieve the passphrase from keyring/keychain.

Solverz · 2 July 2021 10:18

Great thank you, do you know how to do this with the saspus docker container?

gchen · 4 July 2021 04:20

It may be possible to set up keyring for a docket container but I think the process can be too complicated.

A workaround may be to set up Storage B as bit-identical to Storage A and then you can use rsync/rclone to copy from A to B.

In the future I’ll make the copy command to not decrypt chunks from the source storage if both storages are bit-identical. This will get rid of the need for the RSA private key.

Solverz · 4 July 2021 08:21

I think keyring is already set up in saspus duplicacy docker? I could be wrong.

I just not sure how to run the mentioned command if its in a docker