Cannot set passphrase through environment variable

I made a backup using duplicati-cli (version, with a passphrase set using the --passphrase argument.

I’m now trying to supply it through the environment variable PASSPHRASE, but it seems to be ignored, as I get this error:

ErrorID: PassphraseChangeNotSupported
You have attempted to change a passphrase to an existing backup, which is not supported. Please configure a new clean backup if you want to change the passphrase.

I tried in both this way, but the result is the same:

export PASSPHRASE="my_passphrase"
duplicati-cli [...]
PASSPHRASE="my_passphrase"; duplicati-cli [...]

Am I doing something wrong, or is there a problem?

I’m guessing this is a bash script? Do you have any special characters in your password that bash may be interpreting/processing? (Like a $ for example.) If so you might need to escape those characters.

Yes, this is a bash script. I don’t have special characters in the passphrase, I only have alphanumeric characters [A-Za-z0-9].

So you are doing something like this in the duplicati-cli part of your command?

PASSPHRASE="my_passphrase"; duplicati-cli ... --passphrase=$PASSPHRASE ...

I wonder if it really wants quotes around it. You might need to escape the quotes for bash to keep them, eg:

PASSPHRASE=\"my_passphrase\"; duplicati-cli ... --passphrase=$PASSPHRASE ...

No, I’m not using the --passphrase argument, I’m just setting the PASSPHRASE variable.

According to the docs:

Supply a passphrase that Duplicati will use to encrypt the backup volumes, making them unreadable without the passphrase. This variable can also be supplied through the environment variable PASSPHRASE .

Interesting, I didn’t know about that option!

I tested it out and it works for me. I exported one of my web UI jobs as command line and removed the --passphrase=xxxx part. Then I did export PASSPHRASE="xxx" and ran the command and it worked as expected:

Replacing mono /usr/lib/duplicati/Duplicati.CommandLine.exe with duplicati-cli made no difference, both worked.

I’m confused. Was the error there without that? If not, the addition was not ignored.
Of course, you’d also like it to do what you want. Maybe it’s time to test decryption:

mono /usr/lib/duplicati/SharpAESCrypt.exe d <passphrase> <full-path-to-aes-file> > /dev/null

Was it an Export As Command-line from a GUI job, or completely hand-built (harder to do right)?

I figured out what my problem was; nothing wrong with duplicati, the problem is that I was running duplicates with sudo, and thus the environment variable was not being passed. I therefore had to use sudo -E duplicati-cli [...].