How to use the CLI to backup to Azure


I was redirected here from Azure instructions do not make any sense · Issue #40 · kees-z/DuplicatiDocs · GitHub.

In that issue I am essentially trying to figure out the CLI syntax for an Azure backup, and the docs weren’t incredibly clear about the placement (or syntax) of the arguments. Now I have a command like this:

duplicati-cli backup "azure://containerbackuptest/?azure_account_name=machetebackuptest&azure_access_key=[redacted]&azure_blob_container_name=containerbackuptest"

It fails thusly:

Backup started at 04/23/2019 03:47:21
Checking remote backup ...
  Listing remote folder ...
  Listing remote folder ...
  Listing remote folder ...
  Listing remote folder ...
  Listing remote folder ...
Fatal error => The remote server returned an error: (403) Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature..

I have tried removing various parts of the command and the result is the same. Which leads me to question:

  1. Are your headers correct?
  2. Is my syntax correct?
  3. Has anyone done this? I don’t see a “How To” for Azure.

Thank you,


There is a possibility that there’s a type in the online documentation (and in the built-in help text).

Underscores are hardly used in command line options, so I suspect that --azure_account_name, --azure_access_key and --azure_blob_container_name should be replaced with --azure-account-name, --azure-access-key and --azure-blob-container-name.

Could you try this and report back the results?

/EDIT: I doubt this will help, underscores seem to be hard coded in the source code.
/EDIT 2: Topic moved to Support category, The How-to category is for topics that explain how to use a particular backend or storage provider.

1 Like

Thanks. I can try the dashes but I also don’t think that is the problem. I can look through the source when I get a minute. Does the key have to be URL encoded?

Currently the parameters are using underscores but this should be addressed soon.

There are a number of ways the parameters can be provided, either as part of the azure:// url or as separate parameters, but there are differences in the way this is done.

The azure_blob_container_name parameter is not currently used.

Some command line format variants are:

backup "azure://container?auth-username=storage&auth-password=EncodedAccessKey"
backup "azure://container?auth-username=storage&auth-password=EncodedAccessKey&azure_account_name=container&azure_access_key=EncodedAccessKey"
backup "azure://container" --azure_account_name=storage --azure_access_key=UnencodedAccessKey
backup "azure://container?auth-username=storage&auth-password=EncodedAccessKey"  --azure_account_name=storage --azure_access_key=UnencodedAccessKey

container is the name of the Azure container for the storage blob
azure_account_name is the name of the Azure storage account
azure_access_key is the Access Key assigned to the storage account

The first 2 formats are what the Duplicati GUI will give you if you export the command line.

Note that the EncodedAccessKey has characters like ‘/’ and ‘=’ encoded to %2F and %3D, whereas the UnencodedAccessKey does not (as provided in the Azure portal).


  1. The Azure storage account can be provided via the --azure_account_name parameter, via the auth-username in the azure url or via the azure_account_name appended to the URL (see the second example).
  2. The Azure access key can be provided via the the --azure_access_key parameter, via the auth_password in the azure url or via the azure_access_key appended to the URL (see the second example).
  3. If passed as a parameter, the parameter overrides any value specified in the url.

Hey! Thanks for the response. For the moment we are using azurefuse to handle the connection to blob storage, but of course that is yet another dependency to manage. So I will try this out when I get a cycle or two to do so. I’m sure it will help other people as well.

Thank you,