Can't open kdbx file after go-passbolt-cli export

API & Customization issues
1

Hi everyone,

I have a problem to export secrets in a kdbx file with go-passbolt-cli.

I would like to automatically export the secrets to have a backup in case of problem with passbolt server.

I made this script and this config file.

The script runs normally and the kdbx file is created. But Keepass doesn’t accept the passphrase. If I replace the “$KEEPASSPASSWORD” by " --password anothergreatpassword", I can open normally the kdbx file. I tried with many passwords, with or without complex characters.

Does anyone understand where the error comes from?

I don’t know if this is linked or not to my problem, but I always have this message during the execution of configuration of passbolt client, whatever the way to import the password.
“: no such file or directoryrom File: open pgp-private-key.txt”

Config file

userPrivateKeyFile=pgp-private-key.txt
userPassword='agreatpassword'
keepassPassword='anothergreatpassword'
serverAddress="https://passbolt.example.com"

Script

#!/bin/bash

# Config file to store parameters and secrets
CONFIG_FILE="secrets.txt"

# Check if config file exists
if [ ! -f "$CONFIG_FILE" ]; then
    echo "Error: File $CONFIG_FILE not found."
    exit 1
fi

# Read values from config files
USERPRIVATEKEYFILE=$(grep '^userPrivateKeyFile' "$CONFIG_FILE" | cut -d'=' -f2 | xargs)
USERPASSWORD=$(grep '^userPassword' "$CONFIG_FILE" | cut -d'=' -f2 | xargs)
KEEPASSPASSWORD=$(grep '^keepassPassword' "$CONFIG_FILE" | cut -d'=' -f2 | xargs)
SERVERADDRESS=$(grep '^serverAddress' "$CONFIG_FILE" | cut -d'=' -f2 | xargs)

# Checking the data import 
if [ -z "$USERPRIVATEKEYFILE" ] && [ -z "$USERPASSWORD" ] && [ -z "$KEEPASSPASSWORD" ] && [ -z "$SERVERADDRESS" ]; then
    echo "Error: Unable to import data."
    exit 1
fi

# Configuration of passbolt client
/usr/bin/passbolt configure --serverAddress $SERVERADDRESS --userPrivateKeyFile $USERPRIVATEKEYFILE --userPassword $USERPASSWORD 
echo "Configuration: ok"

# Export of secrets to keepass file
if /usr/bin/passbolt export keepass --password $KEEPASSPASSWORD; then   
    echo "Export to keepass file: ok"
else
    echo "Error: export failed"

# Deletion of values in memory.
USERPRIVATEKEYFILE=""
USERPASSWORD=""
KEEPASSPASSWORD=""
SERVERADDRESS=""

Thanks for your help.