proxmox-backup-client key create -> Read from file or stdin possible ?

Jan 21, 2016
83
7
28
41
Germany
www.pug.org
hi,

is it possible to read the passphrase from a file or from STDIN ?

If I try:

Code:
echo secret | proxmox-backup-client key create
or
echo secet | proxmox-backup-client key create -

it fails with:

Code:
Error: unable to read passphrase - no tty

cu denny
 
Jan 21, 2016
83
7
28
41
Germany
www.pug.org
hi,

because I have no idea to solve it .. I used a workaround with expect:

Code:
#!/bin/bash
# Workaround for input passphrase to proxmox-backup client
# Source: modules/profile/files/base

# Read the settings and passphrase
source  /root/.config/proxmox-backup/secrets

if [ -f /root/.config/proxmox-backup/encryption-key.json ]
then
  echo "Encryption key already exists"
  exit 0
else
  echo "Create proxmox client encryption key"
  /usr/bin/expect <<- DONE
spawn proxmox-backup-client key create
expect "Encryption Key Password:"
send ${PBS_ENCRYPTION_PASSWORD}\r
expect "Verify Password:"
send ${PBS_ENCRYPTION_PASSWORD}\r
expect eof
DONE

fi

The passphrase is inside /root/.config/proxmox-backup/secrets like:

Code:
#Managed by Puppet
export PBS_REPOSITORY='backup-client@pbs!backup-client@foo:store-01'
export PBS_PASSWORD="secrettoken"
export PBS_ENCRYPTION_PASSWORD="verystrongpassword"
export PBS_FINGERPRINT=".... 3e:97:87:28:ea:8b:54:92:f1:49:d0"

I need it for our Puppet.

cu denny
 
Last edited:
  • Like
Reactions: Cookiefamily

dcsapak

Proxmox Staff Member
Staff member
Feb 1, 2016
8,542
1,099
164
34
Vienna
if you want to automate it, why use a key with a passphrase in the first place?

if you do 'proxmox-backup-client key create <path> --kdf none'
a key without passphrase will be generated, then you do not need to provide a passphrase
 
Jan 21, 2016
83
7
28
41
Germany
www.pug.org
hi @dcsapak ,

the question is: why not ? :) We can have for every node / backup a different passphrase, thanks to Puppet with Hiera + Eyaml. So it would be very nice, to make it possible, to submit a passphrase without stuff like expect.

Also ... maybe you don't want to use the master key .. to add this key to the backup ... than you don't want to store the encryption key, without a passphrase ...

cu denny
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!