[SOLVED] Backup Client key must be a string

C

crazywolf13

Member
Oct 15, 2023
49
7
8
Hi
I use nixos (a declarative OS)

I'm getting the following error, when running my backup:

Code: 
Starting backup to Proxmox Backup Server...
Encrypting with default encryption key!
Starting backup: host/Gaming-Tower-NixOS/2025-01-13T22:55:54Z
Client name: nixos
Starting backup protocol: Mon Jan 13 23:55:54 2025
Using default encryption key..
Error: key must be a string at line 1 column 2

What key does that resolve to?
The file in .config/proxmox-backup/encryption-key.json?
The encryption-password?

Here my script, I shortened the encrypted parts, ignore some weird quotation, this is just from nix syntax:
Code: 
  # Define Proxmox Backup Server variables
            PBS_REPO="10.10.20.22:hdd-pool"
            PBS_BACKUP_ID="Gaming-Tower-NixOS"

            PBS_PASSWORD_ENC="Uh3H3"
            PBS_ENCRYPTION_PASSWORD_ENC="YrQw"
            PBS_FINGERPRINT_ENC="Lv"
            ENCRYPTION_KEY_FILE_ENC="wIJ6ocg="
            export PBS_PASSWORD=$(echo "''${PBS_PASSWORD_ENC}" | base64 -d | openssl pkeyutl -decrypt -inkey ~/.ssh/id_rsa)
            export PBS_ENCRYPTION_PASSWORD=$(echo "''${PBS_ENCRYPTION_PASSWORD_ENC}" | base64 -d | openssl pkeyutl -decrypt -inkey ~/.ssh/id_rsa)
            export PBS_FINGERPRINT=$(echo "''${PBS_FINGERPRINT_ENC}" | base64 -d | openssl pkeyutl -decrypt -inkey ~/.ssh/id_rsa)
            ENCRYPTION_KEY_FILE=$(echo "''${ENCRYPTION_KEY_FILE_ENC}" | base64 -d | openssl pkeyutl -decrypt -inkey ~/.ssh/id_rsa)

            # Make sure the encryption_key_file exists
            if [ ! -d ~/.config/proxmox-backup ]; then
                mkdir -p ~/.config/proxmox-backup
            fi
            if [ ! -f ~/.config/proxmox-backup/encryption-key.json ]; then
                echo -e "$ENCRYPTION_KEY_FILE" > ~/.config/proxmox-backup/encryption-key.json
            fi

            echo "Starting backup to Proxmox Backup Server..."
            proxmox-backup-client backup etc_nixos.pxar:/etc/nixos home_tobias.pxar:/home/tobias \
                --backup-id "$PBS_BACKUP_ID" \
                --change-detection-mode=metadata \
                --crypt-mode=encrypt \
                --repository "$PBS_REPO"

Thanks a lot!
 
Hi,

crazywolf13 said:
Error: key must be a string at line 1 column 2
Click to expand...
what do the raw contents of ENCRYPTION_KEY_FILE file look like? (sanitize the data at least, as to not leak secrets)
Are you it is valid JSON? This error probably comes from serde, failing to load/parse the JSON file.
 
Hi
Thanks a lot, yes you were right, the during the openssl encrypt/decrypt the quotation got stripped, I could fix the issue.
 
  • Like
Reactions: cheiss
You must log in or register to reply here.
Top Bottom