I would like to use gkeyring. At the moment I do this...
export PASSPHRASE=`gkeyring.py --id 53 -o secret`
--
You received this bug notification because you are a member of
duplicity-team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/504423
Title:
duplicity shows
Den:
if your up to it this can definitely built into duplicity. so don't hesitate.
Eugene:
correct. file based auth is the option targeted. unfortunately nobody tackled
it so far.
wrt. your empty FTP_PASSWORD issue.. just checked the corresponding source and
it should only come up with a
if your willing to test it:
- locate duplicity/backends/ftpsbackend.py of your duplcity installation
- open with editor
- locate line ca. 83
os.write(self.tempfile, user %s %s\n % (self.parsed_url.username,
self.password))
- edit and add one line in front of it and indent the original line by 4
It is generally considered more secure to keep passwords in the files,
and never put them in the command line or environment variables because
they are publicly exposed in many flavors of UNIX. .netrc seems to be
the most appropriate way.
--
You received this bug notification because you are a
Right now, duplicity (0.6.19) insists on asking the password if it was
not specified in the URL or FTP_PASSWORD environment variable, even if
lftp (which I use) is happy with the data present in .netrc.
--
You received this bug notification because you are a member of
duplicity-team, which is
On 08.06.2012 13:33, Eugene Crosser wrote:
Right now, duplicity (0.6.19) insists on asking the password if it was
not specified in the URL or FTP_PASSWORD environment variable, even if
lftp (which I use) is happy with the data present in .netrc.
can't you just simply set an empty password?
No, if it's empty duplicity will prompt for it. Which is exactly the
problem that needs fixing.
--
You received this bug notification because you are a member of
duplicity-team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/504423
Title:
duplicity shows sensitive data
On 08.06.2012 14:45, Eugene Crosser wrote:
No, if it's empty duplicity will prompt for it. Which is exactly the
problem that needs fixing.
actually this would need a different bug report as it is not covered by
duplicity shows sensitive data in process listing
also i am not sure this is
I would argue that exposing the password in an environment variable is
almost as bad as in the command line (it's safe on most platforms is
not good enough).
I cannot suggest a solution that would work well for all backends... It
might be useful to have a separate method to provide the password
It seems to be the occasion to support the ~/.netrc file like do most of
ftp credentials consumers (ftp, lftp, wget, fetchmail, msmtp, ...)
--
You received this bug notification because you are a member of
duplicity-team, which is subscribed to the bug report.
** Changed in: duplicity
Status: In Progress = Confirmed
** Changed in: duplicity
Assignee: Kenneth Loafman (kenneth-loafman) = (unassigned)
** Changed in: duplicity
Milestone: 0.6.15 = None
--
You received this bug notification because you are a member of
duplicity-team, which
** Changed in: duplicity
Milestone: 0.6.14 = 0.6.15
--
You received this bug notification because you are a member of
duplicity-team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/504423
Title:
duplicity shows sensitive data in process listing
Status in Duplicity
** Changed in: duplicity
Importance: Medium = Low
** Changed in: duplicity
Status: New = In Progress
** Changed in: duplicity
Milestone: 0.7.00 = 0.6.13
** Changed in: duplicity
Assignee: (unassigned) = Kenneth Loafman (kenneth-loafman)
--
You received this bug notification
** Description changed:
If credentials are given in the command line url parameter these show up
in 'ps'
e.g.
/usr/bin/duplicity --verbosity 4 --encrypt-key FD3846C2 --sign-key
FD3846C2 --gpg-options= --exclude-globbing-filelist
/root/.duply/bkp/exclude /backup/
** Changed in: duplicity
Importance: Undecided = Medium
** Changed in: duplicity
Milestone: None = 0.6.10
--
duplicity shows sensitive data in process listing
https://bugs.launchpad.net/bugs/504423
You received this bug notification because you are a member of
duplicity-team, which is a
15 matches
Mail list logo
