Hi, I am thinking about the best method to keep passwords and the database safe.
I tried to install Duplicati on a virtual drive that is encrypted with gocryptfs, then running it portable. Error during installation on Windows: missing admin rights. But it seems to be impossible to install msi-files with admin rights: Win finds no app to install msi as admin??
Any suggestions?
msi files usually (always?) require admin rights to install. I would just install Duplicati normally, don’t try to install the program binaries on your encrypted drive. (There is no point as the binaries are not sensitive.)
Once you have installed it you can then work on configuring Duplicati to store the sqlite databases on your encrypted drive. Or there may be simpler alternatives, like using EFS (NTFS encryption) on the default location where Duplicati saves sqlite files.
Thank you drwtsn32. I avoided EFS and use gocryptfs (cppcryptfs) instead, because of Microsoft and a more suitable file-based encryption. What I can do is back up only the already encrypted data, so Duplicati sees only scrambled file names and no clear content. But I’d feel better if I have a fresh encrypted backup from the original files, in case something goes wrong with gocryptfs encryption.
So I set --dbpath in the virtual drive.
What about --tempdir? Is there any unencrypted data written in temp?
What about --log-file? Any file or foldernames written in it?
I read about --disable-filetime-check, that’s notoriously dangerous (e.g. summertime switch). Is file modification check by hashing not enough?
I personally wouldn’t do that. I would have Duplicati back up the plain unencrypted view of the files and use its integrated AES256 encryption to protect your backup data. This way restores will be simpler.
As to which options you use, first let me know if you’re using Duplicati through its web GUI or via Command Line?
No, this isn’t necessary. File timestamps on NTFS don’t change with daylight savings as they are stored in UTC format. The only daylight savings annoyance in Duplicati is that it shifts the backup schedule time (if you’re using the normal web UI scheduling).
I use the web GUI.
I had time troubles with dual boot, because Linux stores in UTC, Windows in local time, but I got it to work. I saw that Duplicati can compare files by hashes and wonder why it needs additional timestamps. Probably it’s faster.
The main question: does Duplicati store unencrypted data somewhere on disk or is everything encrypted in database, tempdir, logfile…? Is encryption performed in RAM or are traces left on disk?
I wouldn’t use the --disable-filetime-check option unless you actually experience a problem that would warrant setting it. I personally don’t use it on any of my systems.
Yes you’ll need to store the sqlite files and the temp files on your encrypted volume. (The Duplicati-server.sqlite file is encrypted but it uses a known password by default, so I would still recommend storing it on your encrypted volume.)
To redirect the location of the Duplicati-server.sqlite file, add the --server-datafolder=path option to the command line for whatever starts Duplicati on your system. By default this may be the Duplicati shortcut in your Startup folder. Be aware that if you upgrade by MSI package in the future the customization on this icon may be wiped out.
To redirect the location of the job-specific sqlite files, you can just edit the backup job in the web UI. Click the job, click on “Database …”, and then update the “Local database path” field. You can either move the file yourself and click Save, or you can ask Duplicati to move it by clicking the “Move existing database” button.
To redirect your temp data, set the --tempdir option in the main web UI settings area.
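
Added example, not part of the thread and not Duplicati code: a small check that every location named above (--server-datafolder, --dbpath, --tempdir, --log-file) resolves to a path on the encrypted volume. The drive letter X:\ and all sample paths are constructed assumptions; substitute the values from your own setup.

```python
import ntpath

# Constructed sample: X:\ stands in for the mounted cppcryptfs volume,
# and every path below is made up for illustration.
ENCRYPTED_ROOT = "X:\\"
SAMPLE_LOCATIONS = {
    "--server-datafolder": r"X:\Duplicati\data",
    "--dbpath": r"x:\Duplicati\data\job1.sqlite",
    "--tempdir": r"C:\Users\me\AppData\Local\Temp",
    "--log-file": r"X:\Duplicati\logs\duplicati.log",
}


def is_inside(path, root):
    """True if the Windows path lies on or below root.

    Pure string comparison: it does not touch the disk, so it cannot tell
    whether the encrypted volume is actually mounted at that moment.
    """
    # normpath collapses ".." segments; normcase folds case and slashes,
    # since drive letters and NTFS names compare case-insensitively.
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root))
    if not ntpath.isabs(p):
        return False  # relative paths depend on the working directory
    try:
        # commonpath compares whole components, so X:\vault2 is not
        # mistaken for a child of X:\vault.
        return ntpath.commonpath([p, r]) == r
    except ValueError:  # raised when the paths are on different drives
        return False


def locations_outside(locations, root):
    """Return the sorted option names whose path is not on the encrypted volume."""
    return sorted(opt for opt, path in locations.items()
                  if not is_inside(path, root))


if __name__ == "__main__":
    for opt in locations_outside(SAMPLE_LOCATIONS, ENCRYPTED_ROOT):
        print(f"{opt} -> {SAMPLE_LOCATIONS[opt]} is NOT on {ENCRYPTED_ROOT}")
```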