Duplicity uses GPG encryption for backup sets. Security depends on key lifecycle, passphrase handling, and secure remote targets.
- Use dedicated backup encryption keys separate from personal signing keys.
- Protect private keys with strong passphrases and restricted keyring permissions.
- Export and store revocation certificates offline.
- Rotate keys on personnel/security events and re-baseline backup strategy.
¶ 2) Protect passphrases and secrets
- Avoid exporting passphrases directly in shell profiles.
- Use root-only environment files or systemd credentials.
- Restrict access to scripts that pass credentials to duplicity.
- Audit for leaked
PASSPHRASE in process lists/history/logs.
¶ 3) Remote backend and retention safety
- Restrict backend credentials (S3/FTP/SSH) to backup-only scope.
- Enable immutable storage/versioning when backend supports it.
- Regularly run verify/restore tests (
duplicity verify).
- Keep strict retention and cleanup workflow to avoid accidental data loss.
¶ Verification commands
duplicity --version
gpg --list-keys
grep -R "PASSPHRASE\|GPG\|duplicity" /etc/systemd /etc/default /opt 2>/dev/null | head
- Duplicity docs: https://duplicity.gitlab.io/
- Duplicity source/advisories: https://gitlab.com/duplicity/duplicity
- Debian security tracker (duplicity): https://security-tracker.debian.org/tracker/source-package/duplicity