Synology Docker saspus container - keychain & website access

Duplicacy fits my backup requirements brilliantly - its a super solution!
The backup process is running perfectly, however I have a question on how best to secure the solution that is running from a Synology Docker saspus container image.

Is it possible to store the ‘Master Password’ in a keychain on the Synology? The concepts of Docker and the interaction with the Synology is new to me, however what I would like to achieve is that in the event of a reboot of the Synology, Duplicacy autostarts and runs backup-jobs. Is this possible?

After starting the solution I understand that the ‘Master Password’ is used to decrypt settings including the keys that are used with storage providers, meaning that once the Master Password has been entered the scheduled tasks can then run where keys are required. The effect I see is that anyone in the network can access the Duplicacy server website and could then restore data from the storage providers as the website requires no additional password. How is it best to handle the situation with a Synology Docker Image?

Is the Synology limited in these respects and it would be better to run under Linux or Windows to achieve better security?


1 Like

I don’t know if Synology supports keyring. Most likely it doesn’t. So the only option is to store the master password in the environment variable DWE_PASSWORD in the docker file.

If you don’t want anyone to be able to restore, you can enable New feature: RSA encryption.

Thanks for the information, it seems that the Synology docker method is a little limited to provide a security model for Duplicacy.

I will take a look at the DWE_PASSWORD variable and RSA encryption.

However using a Windows or Linux host I presume would be more simple and allow the website to be limited to the local host meaning that connection and authorisation is first required to the server on which Duplicacy is running?