Managing Passwords

Duplicacy will attempt to retrieve in three ways the storage password and the storage-specific access tokens/keys.

• If a secret vault service is available, Duplicacy will store passwords/keys entered by the user in such a secret vault and later retrieve them when needed. On Mac OS X it is Keychain, and on Linux it is gnome-keyring. On Windows the passwords/keys are encrypted and decrypted by the Data Protection API, and encrypted passwords/keys are stored in the file *.duplicacy/keyring*. However, if the -no-save-password option is specified for the storage, then Duplicacy will not save passwords this way.
• If an environment variable for a password is provided, Duplicacy will always take it. The table below shows the name of the environment variable for each kind of password. Note that if the storage is not the default one, the storage name will be included in the name of the environment variable (in uppercase). For example, if your storage name is b2, then the environment variable should be named DUPLICACY_B2_PASSWORD.
• If a matching key and its value are saved to the preference file (.duplicacy/preferences) by the *set* command, the value will be used as the password. The last column (_key in preferences_) in the table below lists the name of the preference key for each type of password.

| password type | environment variable (default storage) | environment variable (non-default storage in uppercase) | key in preferences | |:----------------:|:----------------:|:----------------:|:----------------:| | storage password | DUPLICACY_PASSWORD | DUPLICACY_<STORAGENAME>_PASSWORD | password | | sftp password | DUPLICACY_SSH_PASSWORD | DUPLICACY_<STORAGENAME>_SSH_PASSWORD | ssh_password | | sftp key file | DUPLICACY_SSH_KEY_FILE | DUPLICACY_<STORAGENAME>_SSH_KEY_FILE | ssh_key_file | | Dropbox Token | DUPLICACY_DROPBOX_TOKEN | DUPLICACY_<STORAGENAME>>_DROPBOX_TOKEN | dropbox_token | | S3 Access ID | DUPLICACY_S3_ID | DUPLICACY_<STORAGENAME>_S3_ID | s3_id | | S3 Secret Key | DUPLICACY_S3_SECRET | DUPLICACY_<STORAGENAME>_S3_SECRET | s3_secret | | BackBlaze Account ID | DUPLICACY_B2_ID | DUPLICACY_<STORAGENAME>_B2_ID | b2_id | | Backblaze Application Key | DUPLICACY_B2_KEY | DUPLICACY_<STORAGENAME>_B2_KEY | b2_key | | Azure Access Key | DUPLICACY_AZURE_KEY | DUPLICACY_<STORAGENAME>_AZURE_KEY | azure_key | | Google Drive Token File | DUPLICACY_GCD_TOKEN | DUPLICACY_<STORAGENAME>_GCD_TOKEN | gcd_token | | Google Cloud Storage Token File | DUPLICACY_GCS_TOKEN | DUPLICACY_<STORAGENAME>_GCS_TOKEN | gcs_token | | Microsoft OneDrive Token File | DUPLICACY_ONE_TOKEN | DUPLICACY_<STORAGENAME>_ONE_TOKEN | one_token | | Hubic Token File | DUPLICACY_HUBIC_TOKEN | DUPLICACY_<STORAGENAME>_HUBIC_TOKEN | hubic_token | | Wasabi Key | DUPLICACY_WASABI_KEY | DUPLICACY_<STORAGENAME>_WASABI_KEY | wasabi_key | | Wasabi Secret | DUPLICACY_WASABI_SECRET | DUPLICACY_<STORAGENAME>_WASABI_SECRET | wasabi_secret | | webdav password | DUPLICACY_WEBDAV_PASSWORD | DUPLICACY_<STORAGENAME>_WEBDAV_PASSWORD | webdav_password |

Note that the passwords stored in the environment variable and the preference need to be in plaintext and thus are insecure and should be avoided whenever possible.

Note that you must use the wasabi environment variables instead of the s3 environment variables if you are using the wasabi storage URL.

1. Saving credentials to Duplicacy config file

Use one of the above environment variables, but lowercase and remove duplicacy_

Example: duplicacy set -key b2_id -value 6fdd6eeeefff

or: duplicacy set -storage mybackupstorage -key b2_id -value 6fdd6eeeefff

or: duplicacy set -key b2_id -value "passphrase with spaces"

1. Changing passwords

To change passwords that have been stored in the keychain/keyring, use the [`list`](https://github.com/gilbertchen/duplicacy/wiki/list) command with the `-reset-passwords` option.