Hide S3 secret in the backend (and config file)


#1

I think Duplicati should hide the secret part of the S3 credentials in the backend. I would like to use S3 accounts for multiple users and wouldn’t want to have a user read out the credentials to log in with another client.

This will only work with force-encrypt exported configurations (as a user could read out the secret by exporting the config), so I am not sure how easy it would be to implement, but as far as I understand, the secret part shouldn’t be stored in clear text anyways…


#2

This is always a hard issue. You can never completely secure a client password without user input or hardware encrypted storage.

For a non-cross trusted multi-tenant system, with the way Duplicati is currently structured, the only way to secure it from another tenant is to run two different Duplicati services as two different system users.


#3

I have collected some ideas for securing the client credentials here: