ttionya / vaultwarden-backup

Backup vaultwarden (formerly known as bitwarden_rs) SQLite3/PostgreSQL/MySQL/MariaDB database by rclone. (Docker)
MIT License

Unable to manually decrypt 7z container #173

Closed marleyjaffe closed 6 days ago

marleyjaffe commented 1 week ago

I just finished implementing this container and want to validate it is working and backing up the necessary vaultwarden data. I see the newly created 7z file on my OneDrive storage location, but after downloading this file, I am unable to decrypt it. Should it be decryptable with standard 7z decryption methods, or is using this container's restore functionality required? I've tried various 7z apps and they all report wrong password.

The first line in my logs shows:

cat: can't open '/run/secrets/vaultwarden_backup_password': No such file or directory

however, then I see:

ZIP_PASSWORD: 24 Chars

farther down in the logs. I am attempting to use the secrets file, and have successfully used this with other docker containers, so I believe I have the docker-compose mechanics correct. Below is my config, thanks for the assistance!

secrets:
  vaultwarden_backup_password:
    file: $SECRETSDIR/vaultwarden_backup_password

services:
  vaultwarden:
    container_name: Vaultwarden
    image: vaultwarden/server:latest
    volumes:
      - $USERDIR/docker/vaultwarden/Data:/data/
      - $USERDIR/docker/vaultwarden/SSL:/ssl/
      - $USERDIR/docker/vaultwarden/Logs:/logs/
    ...

  vaultwarden-backup:
    container_name: Vaultwarden-Backup
    image: ttionya/vaultwarden-backup:latest
    restart: always
    environment:
      ZIP_ENABLE: 'TRUE'
      ZIP_PASSWORD_FILE: /run/secrets/vaultwarden_backup_password
      ZIP_TYPE: '7z'
      BACKUP_FILE_SUFFIX: '%Y%m%d_%H%M%S'
      BACKUP_KEEP_DAYS: 90
      MAIL_SMTP_ENABLE: 'TRUE'
      MAIL_SMTP_VARIABLES: '-S smtp-use-starttls -S smtp=smtp://smtp.XXX.com:587 -S smtp-auth=login -S smtp-auth-user=username -S smtp-auth-password=password -S from=email@email'
      MAIL_TO: 'email@email'
      MAIL_WHEN_SUCCESS: 'TRUE'
      MAIL_WHEN_FAILURE: 'TRUE'
      TIMEZONE: 'America/Los_Angeles'
    volumes:
      - $USERDIR/docker/vaultwarden/Data:/bitwarden/data/
      - $USERDIR/docker/vaultwarden_backups:/config/

ttionya commented 1 week ago

You did not declare that secrets will be used in a specific container. See https://docs.docker.com/compose/how-tos/use-secrets/.

services:
  vaultwarden-backup:
    ...
    secrets:
      - vaultwarden_backup_password

...

marleyjaffe commented 1 week ago

Ahh, thank you for catching my config mistake. Adding that docker section has removed the error line. I'll wait for the next CRON job iteration and confirm it is now working as expected. Thanks for the quick response!

marleyjaffe commented 6 days ago

Confirmed that contents of container are now able to be extracted, thanks!
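
A lint for the misconfiguration diagnosed in this thread, added here as an example and not part of the issue or the project's code: it flags any service whose environment points at /run/secrets/<name> while that secret is missing from the service's own secrets list. The function names and the reduced ISSUE_CONFIG dict are assumptions of this example; checking a real compose file assumes PyYAML is installed.

```python
import re
import sys

SECRET_PATH = re.compile(r"^/run/secrets/([^/]+)$")

# Reduced from the compose file in the issue, as yaml.safe_load would return it.
ISSUE_CONFIG = {
    "secrets": {"vaultwarden_backup_password": {"file": "$SECRETSDIR/vaultwarden_backup_password"}},
    "services": {"vaultwarden-backup": {
        "image": "ttionya/vaultwarden-backup:latest",
        "environment": {"ZIP_ENABLE": "TRUE",
                        "ZIP_PASSWORD_FILE": "/run/secrets/vaultwarden_backup_password"},
    }},
}

def env_items(env):
    """Compose accepts environment as a mapping or a list of KEY=VALUE strings."""
    if isinstance(env, dict):
        return [(k, "" if v is None else str(v)) for k, v in env.items()]
    return [tuple(str(e).partition("=")[::2]) for e in env or []]

def granted(service):
    """File names the service gets under /run/secrets (short or long syntax)."""
    names = set()
    for grant in service.get("secrets") or []:
        if isinstance(grant, dict):
            names.add(str(grant.get("target") or grant.get("source")))
        else:
            names.add(str(grant))
    return names

def missing_secret_grants(compose):
    """Return (service, variable, secret, reason) for each /run/secrets path that will not exist."""
    defined = set(compose.get("secrets") or {})
    findings = []
    for name, service in (compose.get("services") or {}).items():
        allowed = granted(service)
        for var, value in env_items(service.get("environment")):
            match = SECRET_PATH.match(value)
            if match and match.group(1) not in allowed:
                reason = "not granted to service" if match.group(1) in defined else "not defined"
                findings.append((name, var, match.group(1), reason))
    return findings

if __name__ == "__main__":
    import yaml  # PyYAML; assumed installed when checking a real compose file
    with open(sys.argv[1]) as fh:
        for finding in missing_secret_grants(yaml.safe_load(fh)):
            print("%s: %s -> /run/secrets/%s (%s)" % finding)
```

Run against the compose file before deploying; an empty result means every /run/secrets path referenced in an environment value is backed by a secret granted to that service.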