Hi. I’m trying to figure out how to use the preload settings file to encrypt my database. According to this link, it says I can create a preload.json file. I found the Windows folder where my database file is. Then do I
Right click and create a file named “preload.json” in this folder?
Thank you for suggesting using a temp-preload.json file to test for encryption. I kept trying the temp-preload.json file to test and it wasn’t crashing. So I uninstalled it, reinstalled it, and added the preload.json file again. I finally got a crash log to confirm the encryption was working.
I saw your suggestion to use SQLiteBrowser to look for “Setting” table to check for encryption, but I didn’t see anything that said “Setting” when I opened it.
May I also second the suggestion of creating some sort of GUI to add server encryption in the Duplicati settings menu? I did find it kind of complicated trying to figure out how to encrypt my database.
I’m another user somewhat confused by this new setting and the explanation of the threat model.
I understand that a plain text DB is a potential vulnerability. However, if we encrypt the database but store the encryption key in a plain text preload.json file (or an environment variable) right next to it, aren’t we just moving the vulnerability one step to the left? It seems just as weak as a plain text DB against a local attacker.
For Windows, Credential Manager sounds like a viable option, but the documentation is quite sparse.
Do I simply add --secret-provider=wincred:// to my startup shortcut and that’s it? Does Duplicati handle the generation and storage of the keys/values automatically, or is there a manual setup step required?
How does using wincred affect moving to a new machine? Currently, I keep a secure note in Bitwarden vault with the plain text config of each backup set. If my computer dies, I simply reinstall Duplicati on a new machine, paste in the config, and (presumably) rebuild the database from the backend files.
If the local database was encrypted with a key locked inside the old machine’s Windows Credential Manager, does that complicate a fresh install/restore on a new machine? Or is the local encryption key irrelevant in a DR scenario because I would be creating a fresh (empty) database anyway?
Finally, for a brand new user installing Duplicati for the first time: What is the default behavior? Will they be prompted to set this up, or will they receive the warning message and have to figure out these flags on their own?