Why is there a Master Password?

Serious question that I don’t understand – I’m not trying to sound like a smart-ass, though I realize my question kind of comes off that way, sorry:

  • The Master Password is not the encryption password for the backup.
  • The Master Password obfuscates the encryption password locally.
  • The need for the Master Password prevents the program from starting automatically (which you never want in a backup program).
  • If my attacker is sitting in front of my computer, he doesn’t care about my backup encryption password, because he’s already sitting in front of my computer.

So… Why is there a Master Password? It seems to just get in the way.

The master password reduces the problem of storing many storage passwords/credentials to the problem of storing one master password.

You don’t want to store those storage passwords/credentials in plaintext, so you want to use Keychain on macOS, CryptoAPI on Windows, and Keyring on Linux. However, these things may not be available (for headless Linux) or may sometimes be unreliable, and if that happens you’ll just need to enter the master password on the web page or set up the DWE_PASSWORD environment variable before running the web GUI.

2 Likes
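Added example (not part of the thread and not Duplicacy's own code): a Node.js sketch of the reduction described in the post above, in which several storage credentials are encrypted under a key derived from one master password. The function names, vault layout, PBKDF2 iteration count and sample values are assumptions made for illustration; only the DWE_PASSWORD variable name comes from the thread.

```javascript
const nodeCrypto = require('node:crypto');

const ITERATIONS = 600000; // assumed PBKDF2-HMAC-SHA256 work factor for this sketch

// The master password is stretched into one key-encryption key (KEK).
function deriveKek(master, salt) {
  return nodeCrypto.pbkdf2Sync(master, salt, ITERATIONS, 32, 'sha256');
}

// Encrypt every storage credential under the KEK. The storage name is bound
// as associated data, so a blob cannot be moved to another entry undetected.
function lockVault(master, credentials) {
  const salt = nodeCrypto.randomBytes(16);
  const kek = deriveKek(master, salt);
  const entries = {};
  for (const [name, secret] of Object.entries(credentials)) {
    const iv = nodeCrypto.randomBytes(12);
    const c = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
    c.setAAD(Buffer.from(name));
    const ct = Buffer.concat([c.update(secret, 'utf8'), c.final()]);
    entries[name] = Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
  }
  return { salt: salt.toString('base64'), entries }; // holds no plaintext secret
}

// Recover one credential; throws if the master password or the blob is wrong.
function unlock(master, vault, name) {
  const blob = Buffer.from(vault.entries[name] ?? '', 'base64');
  if (blob.length < 28) throw new Error(`no usable entry for ${name}`);
  const kek = deriveKek(master, Buffer.from(vault.salt, 'base64'));
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', kek, blob.subarray(0, 12));
  d.setAAD(Buffer.from(name));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]).toString('utf8');
}

// Headless fallback mentioned in the thread: take the master password from
// DWE_PASSWORD when no OS keystore is available.
function masterFromEnv(env = process.env) {
  if (!env.DWE_PASSWORD) throw new Error('DWE_PASSWORD is not set');
  return env.DWE_PASSWORD;
}

// Constructed demo values, not real credentials.
const demo = lockVault('constructed-master', { b2: 'constructed-key', sftp: 'constructed-pass' });
console.log(unlock('constructed-master', demo, 'sftp'));
```

With this layout, only the master password still needs a protected home (an OS keystore, a prompt, or the environment variable); the vault object itself can sit on disk.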

How so? It’s actually what you absolutely always do want in a backup program – backup should be automatic and unattended.

Or did you mean something else?

1 Like

I think he’s saying that you never want something to prevent your backup program from starting automatically. So I think you’re both in agreement.

2 Likes

Ah, you may be right. I misread — the problem is not that it starts automatically but that it is prevented from starting automatically.

1 Like

Sorry, I’m new to Duplicacy and CLI in general. I’ve only ever encountered storage passwords in the CLI version, which as I understand it, are used to encrypt the config file that stores the (randomly generated) encryption keys. This storage password is then encrypted via the OS and stored in keychain/keyring (unless -no-save-password is set).

How does the Web Edition Master Password fit in here? Is it the same as the “Encryption Password” in settings? Does it take the place of OS encryption in the CLI scenario?