Master password to protect backup passwords and server credentials

[GoogleCodeExporter]

I do not want that any passwords are revealed when someone gets access to my 
computer. 

That is why all stored passwords (encryption of backup) and credentials (target 
servers) for all backup jobs must be encryped with a master password that was 
defined by the user.

When Duplicati is started, it should prompt for the master password.

This should be optional so that users can still run Duplicati without the need 
to enter a master password first.

Original issue reported on code.google.com by rst...@gmail.com on 9 Feb 2012 at 4:33

[GoogleCodeExporter]

yes this is a good idea. 

my pc is encrypted. however i take no chances.

Original comment by bunnyisb...@gmail.com on 10 Feb 2012 at 2:05

[GoogleCodeExporter]

This is needed indeed in corporate environments.
Example: I would like to utilize this in our company for 50 people and use AWS 
S3 but do not want to share our company paid AWS S3 ID and secret key to all 
employees. Now these secrets can be trivially looked up from the app config.

Original comment by simo.sal...@gmail.com on 16 Jan 2013 at 10:19

[GoogleCodeExporter]

@simo.salminen: Yes, it should be possible to encrypt the database. However, 
the password itself needs to be decrypted on the machine, otherwise it is not 
possible to authenticate with AWS. So in your case, where Duplicati is running, 
and you do not trust your employees, it would be "trivial" (in a 
crypto-security meaning) to extract the password right before the connection 
happens.

Fortunately, AWS has something called AWS Identity Management AIM:
https://aws.amazon.com/iam/

With this, you can set up "accounts" (logins really) that only have access to 
some subset of your account. Using this method, you can create a bucket pr. 
employee and a username/password pair for each. You can then limit each login 
to only have read/write/list access to the bucket. With this setup, each 
employee can only trash their own setup, and you do not expose the company 
account, so you can close each login without losing data.

Original comment by kenneth@hexad.dk on 16 Jan 2013 at 12:49

[GoogleCodeExporter]

that would be a good idea, because i intend to install in some remote users 
(customers) that i would´nt to allow access to that configuration as schedule 
for example, when exists locked interface the risk of modifications e exiting 
applications is protected. 

Original comment by luciano....@gmail.com on 20 Mar 2013 at 5:51

[GoogleCodeExporter]

There is a Gnome API for storing passwords of third apps with Seahorse as a 
GUI: https://live.gnome.org/GnomeKeyring

Would be nice if this infrastructure could be used for storing passwords in 
this platform.

FYI.

Original comment by ismael.olea on 28 May 2013 at 11:23

[GoogleCodeExporter]

Is it possible only to ask for password authentication during restore? The 
automatic backup can go on as usual.

Original comment by dolly.ka...@gmail.com on 18 Jun 2013 at 7:14