borg key import asks for password even if: export BORG_PASSCOMMAND="cat /root/provision/borgpwd"

When working with BorgBackup, users sometimes encounter issues where the key import prompts for a password despite having set up the BORG_PASSCOMMAND environment variable correctly. This can be frustrating, especially if you believe the command should automatically provide the necessary passphrase. Below, we’ll explore possible reasons for this behavior and suggest troubleshooting steps.

Understanding BorgBackup and BORG_PASSCOMMAND

BorgBackup is a powerful deduplicating backup program that encrypts repositories by default. To handle encrypted repositories without manual password entry each time, Borg offers the use of the BORG_PASSCOMMAND environment variable. This variable can be set to a command that outputs the required passphrase, which Borg will then use automatically.

Example of Setting BORG_PASSCOMMAND:

export BORG_PASSCOMMAND="cat /root/provision/borgpwd"

Potential Causes for the Password Prompt

Here are several reasons why you might still encounter a password prompt despite setting the BORG_PASSCOMMAND:

1. Incorrect Path or Permissions:

   • Ensure that the path /root/provision/borgpwd is correct and that the user running the Borg commands has permission to read this file. If the permissions are too restrictive, Borg cannot retrieve the password.

2. File Content:

   • Verify that the file /root/provision/borgpwd actually contains the correct passphrase without any extraneous characters, such as newlines or spaces, which may interfere with Borg's ability to read it correctly.

3. Export Scope:

   • Check if the BORG_PASSCOMMAND variable is set in the same shell session where the Borg command is executed. Environment variable settings in one session do not automatically carry over to others.

4. Error in Command Execution:

   • If there’s an error in the command specified within BORG_PASSCOMMAND, Borg will not receive a valid passphrase. You can test the command separately in the terminal to ensure it outputs the correct passphrase.

5. SSH and Remote Connections:

   • If importing keys over SSH, remember that the BORG_PASSCOMMAND may not work as expected due to the environment not being fully replicated in remote sessions.

6. Borg Version Issues:

   • Occasionally, version-specific bugs or changes can affect the behavior of the BORG_PASSCOMMAND. Check the change logs and issues on the BorgBackup GitHub page for any relevant updates or fixes.

Troubleshooting Steps

If you're facing issues with the password prompt, try the following steps:

• Verify File: Check the content of /root/provision/borgpwd using:

  cat /root/provision/borgpwd
  

• Test BORG_PASSCOMMAND: Manually run the command to see if it outputs correctly:

  $BORG_PASSCOMMAND
  

• Check Permissions: Ensure the file permissions allow the intended user to read the password:

  ls -l /root/provision/borgpwd
  

• Adjust Shell Session: Make sure the BORG_PASSCOMMAND is set in the current shell where the Borg command is executed.
• Review Logs: If problems persist, consult logs or use verbose output for Borg commands to gather more insights.

Conclusion

While the BORG_PASSCOMMAND feature is designed to streamline the process of handling encrypted repositories in BorgBackup, various factors can lead to password prompts that impede that goal. By methodically checking your command setup, file permissions, and environment scope, you can diagnose and address the cause of these interruptions effectively. If problems continue even after following these guidelines, it may be useful to seek community support or consult the comprehensive documentation available on the BorgBackup website.