Being a trust-no-one backup solution, a key problem is to guard the different secrets, in particular the backup passphrase. Until now, Duplicati has supported injecting secrets either via the command line interface or by running a script that obtains the passphrase and injects it.

With the latest canary build, Duplicati now supports “secret providers” that offer different ways to inject sensitive parameters into the process. And the initial version supports no less than 10 different providers!