proxmox-backup-client password from file

[Arrowmaster]

Is there a way to have proxmox-backup-client read the user password from a file instead of an environment variable?

An example usage of this would be for systemd LoadCredential or docker secrets.

This would be useful even with tokens so that the secret can be stored on the filesystem non world readable.

SystemD LoadCredential [https://www.freedesktop.org/software/systemd/man/systemd.exec.html#LoadCredential=ID:PATH]
Docker Secrets [https://docs.docker.com/engine/swarm/secrets/#build-support-for-docker-secrets-into-your-images]

 

[fabian]

for the encryption key and master key it's already possible to pass the key material in via a file descriptor (which allows integrating all secret providers that can write to stdout) - the same could also be done for the password. could you file an issue at https://bugzilla.proxmox.com ?

 

[Arrowmaster]

fabian, I don't think file descriptors is the right tool for this. Systemd specifically doesn't support redirection in the Exec commands so the proxmox-backup-client command would need to be wrapped in sh -c. Yes that could work but imho its dirty hack and ugly. I think a proper solution would be command line options to specify files that contain the the PBS password, the encryption key password, and the master key password. I've only been looking at how to pass credentials with systemd for less than a day so I may be missing something there. I will open an issue for this on bugzilla.