Trouble with the encryption password on a headless Linux box

I’m having trouble with the encryption password on a headless Linux box (an LXC container on Proxmox, technically).

Every time I start Duplicacy Web Edition, it asks for the encryption password (in the web UI). I understand that’s used to decrypt the other passwords. However, this a headless box, and I’m running Duplicacy automatically on startup. I need it to just start working once it comes up without waiting for a password. I’m currently running Duplicacy Web Edition as root using cron on startup.

I’m checking the box to save the password to the keyring, but it doesn’t seem to work. I installed gnome-keyring and tried again, but it still didn’t work.

Can you give me some direction on where to check for errors or otherwise figure out how to get it to save the encryption password so I don’t have to remember to go enter it every time that box is restarted?

EDIT: I just noticed these two lines at startup in duplicacy_web.log:

2019/03/18 12:37:07 Failed to get the value from the keyring: keyring/dbus: Error connecting to dbus session, not registering SecretService provider: dbus: DBUS_SESSION_BUS_ADDRESS not set
2019/03/18 12:37:07 Failed to decrypt the testing data using the password from KeyChain/Keyring: crypto/aes: invalid key size 0

I’m happy to store the passwords unencrypted in the preferences file, if that’s an option. But I don’t see a way to do that with the UI, and I’m not sure if I should edit the file directly.

Duplicacy uses dbus to communicate with gnome-keyring so you need to set up dbus as well. I believe you need to set DBUS_SESSION_BUS_ADDRESS by running export $(dbus-launch).

Hmm. I’m trying to keep this as simple as possible. Is there a way I can just store the unencrypted passwords for my storages in the config file?

From what I’m reading, gnome-keyring isn’t really intended for headless setups and definitely isn’t intended for root, so I’d prefer not to come up with a dirty/tricky workaround. I guess I could run Duplicacy as a different user, but I’d really just like to do the easiest thing here.

You can do that with the set command: Set command details .

But don’t I need to set it in the Duplicacy Web Edition config file? That command would only work for each Duplicacy repository it generates automatically, right?

The set command is used from the cli. I’m not sure though how you should use that command with the repositories created by the web gui.

@gchen I’ve looked into this best I can, and it doesn’t seem feasible to use gnome-keyring on a headless environment and starting the process with cron. Is there any alternative here? I’m perfectly happy storing the passwords unencrypted in duplicacy.json, but that doesn’t seem to work.

I can’t use the set command as @TheBestPessimist suggested because that’s only for the regular Duplicacy CLI. I don’t see any equivalent for the Duplicacy Web Edition config.

This is really causing me trouble because my backups don’t run most of the time since it doesn’t have the encryption password. If I restart the box, I have to remember to go enter the password. And even once I’ve done so, it seems to lose it after a while.

The situation is made even worse by the fact that my email alerts don’t work while it’s waiting for the encryption password, so I don’t even know anything is wrong.

I’d really appreciate any help you can give here. Unfortunately this isn’t reliable on a headless Linux setup for now because of this issue.

@Compeek sorry I completely forgot about this undocumented feature – you can set the environment variable DWE_PASSWORD which is the master encryption password in the Duplicacy Web Edition. This master password is used to encrypt/decrypt all credentials passed to the CLI. If you set this variable then the Web Edition won’t need to retrieve the password from the keyring.

It works! Thank you so much.

For anyone: Feel free to use the button on the posts that you found useful.

For the OP of any #support topic: you can mark the post that solved your issue by ticking the box under the post. That of course may include your own post