Skip to content
Carlos Knippschild edited this page Mar 20, 2024 · 21 revisions

Duplicacy will attempt to retrieve in three ways the storage password and the storage-specific access tokens/keys.

  • If a secret vault service is available, Duplicacy will store passwords/keys entered by the user in such a secret vault and later retrieve them when needed. On Mac OS X it is Keychain, and on Linux it is gnome-keyring. On Windows the passwords/keys are encrypted and decrypted by the Data Protection API, and encrypted passwords/keys are stored in the file .duplicacy/keyring. However, if the -no-save-password option is specified for the storage, then Duplicacy will not save passwords this way.
  • If an environment variable for a password is provided, Duplicacy will always take it. The table below shows the name of the environment variable for each kind of password. Note that if the storage is not the default one, the storage name will be included in the name of the environment variable (in uppercase). For example, if your storage name is b2, then the environment variable should be named DUPLICACY_B2_PASSWORD.
  • If a matching key and its value are saved to the preference file (.duplicacy/preferences) by the set command, the value will be used as the password. The last column (key in preferences) in the table below lists the name of the preference key for each type of password.
password type environment variable (default storage) environment variable (non-default storage in uppercase) key in preferences
storage password DUPLICACY_PASSWORD DUPLICACY_<STORAGENAME>_PASSWORD password
sftp password DUPLICACY_SSH_PASSWORD DUPLICACY_<STORAGENAME>_SSH_PASSWORD ssh_password
sftp key file DUPLICACY_SSH_KEY_FILE DUPLICACY_<STORAGENAME>_SSH_KEY_FILE ssh_key_file
sftp key passphrase DUPLICACY_SSH_PASSPHRASE DUPLICACY_<STORAGENAME>_SSH_PASSPHRASE ssh_passphrase
Dropbox Token DUPLICACY_DROPBOX_TOKEN DUPLICACY_<STORAGENAME>>_DROPBOX_TOKEN dropbox_token
S3 Access ID DUPLICACY_S3_ID DUPLICACY_<STORAGENAME>_S3_ID s3_id
S3 Secret Key DUPLICACY_S3_SECRET DUPLICACY_<STORAGENAME>_S3_SECRET s3_secret
BackBlaze Account ID DUPLICACY_B2_ID DUPLICACY_<STORAGENAME>_B2_ID b2_id
Backblaze Application Key DUPLICACY_B2_KEY DUPLICACY_<STORAGENAME>_B2_KEY b2_key
Azure Access Key DUPLICACY_AZURE_KEY DUPLICACY_<STORAGENAME>_AZURE_KEY azure_key
Google Drive Token File DUPLICACY_GCD_TOKEN DUPLICACY_<STORAGENAME>_GCD_TOKEN gcd_token
Google Cloud Storage Token File DUPLICACY_GCS_TOKEN DUPLICACY_<STORAGENAME>_GCS_TOKEN gcs_token
Microsoft OneDrive Personal Token File DUPLICACY_ONE_TOKEN DUPLICACY_<STORAGENAME>_ONE_TOKEN one_token
Microsoft OneDrive Business Token File DUPLICACY_ODB_TOKEN DUPLICACY_<STORAGENAME>_ODB_TOKEN odb_token
Hubic Token File DUPLICACY_HUBIC_TOKEN DUPLICACY_<STORAGENAME>_HUBIC_TOKEN hubic_token
Wasabi Key DUPLICACY_WASABI_KEY DUPLICACY_<STORAGENAME>_WASABI_KEY wasabi_key
Wasabi Secret DUPLICACY_WASABI_SECRET DUPLICACY_<STORAGENAME>_WASABI_SECRET wasabi_secret
WebDAV password DUPLICACY_WEBDAV_PASSWORD DUPLICACY_<STORAGENAME>_WEBDAV_PASSWORD webdav_password
Storj API access key DUPLICACY_STORJ_KEY DUPLICACY_<STORAGENAME>_STORJ_KEY storj_key
Storj passphrase DUPLICACY_STORJ_PASSPHRASE DUPLICACY_<STORAGENAME>_STORJ_PASSPHRASE storj_passphrase
Samba password DUPLICACY_SAMBA_PASSPHRASE DUPLICACY_<STORAGENAME>_SMB_PASSWORD smb_password
RSA key passphrase DUPLICACY_RSA_PASSPHRASE DUPLICACY_<STORAGENAME>_RSA_PASSPHRASE rsa_passphrase

The passwords stored in the environment variable and the preference need to be in plaintext and thus are insecure and should be avoided whenever possible.

Note that you must use the wasabi environment variables instead of the s3 environment variables if you are using the wasabi storage URL.

The passwords will be stored when the backup command (or any other command apart from init or add) is run for the first time. This means you need to make sure that you do that first run interactively, i.e. not via a script (unless it passes on the password prompts, of course).

Saving credentials to Duplicacy config file

Use one of the above environment variables, but lowercase and remove duplicacy_

Example: duplicacy set -key b2_id -value 6fdd6eeeefff

or: duplicacy set -storage mybackupstorage -key b2_id -value 6fdd6eeeefff

or: duplicacy set -key b2_id -value "passphrase with spaces"

For token file of some providers (OneDrive etc), the -value should be the path of the token file Example: duplicacy set -key one_token -value .duplicacy/onedrive_token.json

Changing passwords

To change passwords that have been stored in the keychain/keyring, use the list command with the -reset-passwords option.