Is it safe to change the AES pass-phrae for an already set up backup?


#1

With couple of already made backed up versions?


#2

It’s not possible currently. I raised a suggestion to re-code the encryption logic to allow changing passphrase here: [feature request] Changing volume encryption password · Issue #2991 · duplicati/duplicati · GitHub

Slightly relevant post:


#3

@Pectojin, I guess it is not possible currently since making that possible means decrypting all the remote files with the old pass-phrase an re-encrypting them with the new one.

Side question, but it is possible to modify a backup setting by adding new folders to backup or removing others, correct?


#4

Side answer: yes, it is :slight_smile: But for removal you should be aware, that the removed files/dirs will still be existent in previous backup versions - 'till retention kicks in…


#5

Heh - @cpo beat me by 30 seconds. :+1:

Though I’d like to add the personally when creating a backup I start with a small folder to be backed up. This allows me to test schedules, make sure filters are correct etc.

Once I’m happy with things I start adding folders until everything I want is in place. A side benefit of this is that the initial backup doesn’t take a long time only for me to realize I screwed something up in the config.

The other thing I wanted to mention is that when I file is not found by Duplicati during the file scan it is considered deleted. This means that if you have a symlink to another machine that might be offline or perhaps a USB drive that isn’t always connected Duplicati might start cleaning up backup versions of things it THINKS are deleted when really they’re just not available at backup run time.

So keep that in mind when setting “keep until” or retention rules if you’re backing up a source that might include not-always-online files. Make sure those settings are for LONGER than your transient data sources are usually offline.


#6

No, but I have a python script almost ready to reencrypt eg with different password or with different encryption method. Need to clean it up a bit. For now it also requires a db rebuild.


#7

Exactly what i do! :slight_smile: