Can I make Restic dump the environment it's working with?

I have a restic job that is complaining about wrong password or no key found and I’m looking for how to debug this. What I think I want is a way to tell Restic how to dump out the parameters it’s working with; --verbose doesn’t, and I don’t see a command that would seem to do it. How do people debug this sort of thing?

I have a systemd job set-up that I’m running on a few servers and my laptop; it consists of an EnvironmentFile and a file of paths in a read-restricted /etc directory, a timer, and a job that sets the environment from the EnvironmentFile and uses the paths file for the backup list. This exact setup is running well on a number of servers, but on a new server the job prints the wrong password error. When I set the environment variables by hand and run restic, it’s fine (the init works, as do subsequent operations from the CLI), but the systemd job fails.

Ignore my specific issue for a moment; I am less interested in fixing this one server than I am answering the question: how do I debug restic when it’s running in a different environment, and behaving differently, than when I run it interactively? Maybe I’m running it in docker, for some reason; maybe as a systemd job, or a cron job, or something – how can I tell it to dump out it’s environment to see what it is working with so I can – e.g. – see that it has the wrong repository path or password or whatnot?

One way is to simply replace the restic command with whichever command will show you the information you need, e.g. the environment variables that are defined in the current scope. If you do that, you will for example possibly find that the RESTIC_PASSWORD environment variable you think has a value is not even defined, or similar.

There’s no way to do that within restic yet. We’re very careful to not echo back the repository password anywhere, so that it does not accidentally ends up in any logs.

What you can do though to try to find out what’s going on: write the password to a file, then use --password-file /path/to/file first interactively, then via system.

Does that work?

If yes, then it’s an issue with passing the password via the environment variable.

If not, it’s something else.

Do you run restic as a different system user via systemd? Does that system user have access privileges on the files in the repo, especilly the files below keys/?