Hi!
First of all congrats for Duplicati, I find it as a great tool to do backups.
So I’m thinking on it to use Duplicati as a backup solution at our company and it’s nearly satisfying all the expectations that we need, but I would have a few questions that I couldn’t find an answer on your forums (or just missed them somewhere).
In my case the software should run scheduled on desktop PCs with Windows10 where all the users’ work supposed to be saved encrypted on a remote server with a small impact on the local machine (this part works just great), the questionable part in my case is on the local machine when I would restore any given file and choose the DB it won’t prompt for the backup passphrase.
Furthermore all the login informations for the mailing account is visible. Is it possible to tweak these somewhere to be hidden at least and won’t pop up in the face straight when any given user opens the software?
Thanks for the answers ahead.
PS.: I know it’s a bug, if I read the right thread, but is there any short term solution to prompt for a master password if you try to open the UI from the notification bar?
Install Duplicati as a service and don’t give the URL to your users. When you need to do local restores, use a private browser window. Apart from that, there’s not much else that can be done.
The passphrase is stored in the configuration database Duplicati-server.sqlite, otherwise unattended scheduled backups cannot be made.
When performing a restore operation, the stored passphrase is used to decrypt the data.
In addition to @samw’s suggestion: the URL is known and fairly simple to guess (website listening on port 8200 on localhost). Instead of keeping the URL secret, set a password on the web UI (in the Settings menu).
This can be an option to stop users to access the UI and play with the settings. But this would be my last option due I would let the user to see the UI and if necessary restore a file for herself/himself, but I don’t want that anyone could access the remotely stored files via the UI without the passphrase. But you can do this easily if you click on the DB option at restore.
The only thing I don’t want is the ability to restore my backup without the passphrase, I don’t mind if it’s in the DB for the backup procedure.
Ok, that’s kind of obvious, the web UI is prompting for password if you use the URL, but if you open it from the task bar it opens/crashes and after exit/restart you easily get access to the UI without prompting for the password.