How to change the passphrase of a duplicity backup?

backup passphrase encryption duplicity

How to change the passphrase of a duplicity backup? I tried to just provide a new one when doing a backup but was faced with an error.

GPGError: GPG Failed

How should I proceed to change the passphrase?


Assuming you're using symmetric encryption, you will keep previous backup chains files encrypted with the old passphrase which won't be stored into the cache with the new passphrase since they won't be decrypted. You will need to run many PASSPHRASE=old duplicity, PASSPHRASE=new duplicity in order to recache all files (assuming a new machine scenario) and could easily reach an impossibility to restore your latest backups.

The best method is probably: cleanup first and start a brand new full backup chain using the new passphrase.


All you need to do is to force a new full backup:

env PASSPHRASE='new' duplicity [options...] full $SRC $DST

The reason is that all backups in each chain must use the same passphrase.

In case you were wondering, if you need to restore, you need to pass the $PASSPHRASE of the chain you're restoring:

# Restore last backup
env PASSPHRASE='new' duplicity [options...] restore $DST ./today

# Restore yesterday's backup
env PASSPHRASE='old' duplicity [options...] --time 1D restore $DST ./yesterday

Related

VMware Workstation "Recording/Replaying VM activity" feature
Windows 8.1 request to "Enter your most recent password"... Legitimate?
In an Excel chart, how do you craft X-axis labels with whole number intervals?
Elegant way to terminate the VirtualBox VBoxSVC.exe process
open Safari and Finder failed in tmux
How to change default column widths in Macintosh Finder?
how to actually install mediawiki and run with docker?
DRDY ERR from HDD
What does scaled resolution mean in OSX?
Does Apache Alias support relative paths?
What is the difference between Public DNS and public IP in AWS ec2?
Removing functions from a column, but keeping data (convert to normal text)?