Great question, and I’ll add on.
I think this is the server database, to add another Securing the database way.
There are still plenty of questions. I asked several in Encrypting the database.
This style of advice to users bothers me, as it relies on users to figure out how.
Local providers names names for current releases, but that doesn’t go very far.
Perhaps it could be improved if the new feature is going to be relying on its use.
I’m making the argument that documentation and/or software should give leads,
including expected things like system migrations, or even migrating to a service.
To the long database recreate question, that’s not the one with sensitive secrets.
You’ll also have to recreate it even now if you lose server, but without the server
database you’ll also be trying to type the config in first from memory or whatever.
If you lose all the credentials you lose the entire backup, so worse than recreate.
“Direct restore”: “If you do not have the passphrase, it is not possible to restore.”
Some things such as destination logins might be available in some other source.
Basically some things are more critical than others, however safeguard can help.
Export or some other secrets protection is important, for the Import configuration.
Direct restore from backup files may also need secrets, but less than a full config.
If you have full system crash with loss of all files, I don’t think anything gets worse.
Migrating Duplicati to a new machine before old one fully dies may be harder. IDK.
Anytime software automatically locks things up, I think it’s essential to provide full
detailed directions for anything the user could run into that can be affected by that.
Whether OS tools or Duplicati tools are needed, provide all the information clearly.