Hi,
I am trying to make a backup script using RESTIC_PASSWORD_COMMAND=“pass …” (pass being https://www.passwordstore.org/) on Debian.
Here is my typical script :
#!/bin/sh
export RESTIC_PASSWORD_COMMAND="pass show BACKUP/KEY"
[...]
restic --repo PATH_TO_REPOSITORY backup
Observed behavior is :
- If the GPG keyring is unlocked, everything proceed as intended.
- If the GPG keyring is locked, instead of prompting password to unlock with pinentry, restic backup fails with :
gpg: decryption failed: No secret key
Resolving password failed: exit status 2
If I insert in the script a line to force gpg-agent pinentry prompt, like so :
export RESTIC_PASSWORD_COMMAND="pass show BACKUP/KEY"
eval ${RESTIC_PASSWORD_COMMAND}
[...]
restic --repo PATH_TO_REPOSITORY backup
Then things work again, gpg-agent shows pinentry if required, key unlocks and restic proceeds as intended.
Do you know what can cause this behavior please ?
Cheers