Local providers
This page describes the providers that operate locally on the machine they are running
Last updated
Was this helpful?
This page describes the providers that operate locally on the machine they are running
Last updated
Was this helpful?
The simplest provider is the env://
provider, which simply extracts environment variables and replaces those. There is no configuration needed for this provider, and the syntax for adding it is simply:
The file-secret://
provider supports reading secrets from a file containing a JSON encoded dictionary of key/value pairs. As an example, a file could look like:
The file provider also supports files encrypted with and you supply the decryption key with the option passphrase
. Suppose the file is encrypted with the key mypassword
you can then configure the provider:
To avoid passing the encryption key via a commandline, see .
On Windows XP and later, the can be used to securely store secrets. As the credentials are protected by the account login, there is no configuration needed, so the setup is simply:
libsecret
(Linux)pass
secret provider (Linux)For more advanced uses the options account
and service
can be used to narrow down what secrets can be extracted.
The stores various credentials on Linux and integrates with various UI applications to let the user approve or reject attempts to read secrets. The libsecret
provider supports a single optional setting, collection
, which indicates what collection to read from. If not supplied the default collection is used. To use the libsecret
provider, use this argument:
The is a project that implements a secure password storage solution on Linux system, backed by GPG. Duplicati can use pass
as the secret provider:
For MacOS users the standard password storage is the program. The secrets stored here as application passwords can be used by Duplicati. The KeyChain can be enabled as a secret provider with: