Passwords gone after database migration

Hey there,
I have migrated my nextcloud instance to another raspberry pi. For this I have used the database dump command from the nextcloud snap and have then recovered the database on the new instance. Everything worked well and all contacts and calendar events are there again but the passwords seem to be gone. When I open the passwords app in nextcloud, I only see a forever running progress indicator. Is there a way to recover the passwords? My old instance is forever lost sadly…

It could be possible, depending on what you still have from the original instance. The app uses the server secret from the config.php in its encryption. This is likely the problem here.

It would be great to know if there are any errors in your Nextcloud log related to the passwords app.

  1. If you still have the entire data folder from the old instance
    Find the appdata folder in your old data folder. Open the passwords folder and look into the autoBackup or the backup folder. You could try to import a backup on the new server. The backup contains the server secret and all other encryption keys so you don’t need to worry about this.
  2. If you have the old config.php file and the only issue is encryption, you can try to just overwrite the server secret.

Note: Passwords is not the only app using the server secret. If any other app (like the encryption app) is using the new secret already, you should not change it.


I’m experiencing kind of the same with a slightly different situation.

To give an overview:
I have a production server, and backups are taken daily. (database and files)
On a QA server, I’m testing upgrades to the new version of nextcloud, and there I restore the mysql database and the files.

Although as of the last update (apline 3.11/17.0.7-r0 to alpine 3.12/18.0.6-r0) I’m excluding some directories on my QA environment to keep the used disk space low, since I can’t restore all files anyway. And now I’m experiencing the same as this thread here: Password folder structure is there, but the passwords themselves are gone.

Before, I cleaned the QA database and restoring the full production database and files, and everything was the same as on production. Now I restore the full database, but while restoring the disk files, I exclude the following as it didn’t seemed to be needed:
- ‘/cache/
- ‘/files/
- ‘/uploads/
- ‘/files_trashbin/
- ‘/files_versions/
- ‘/preview/
I also didn’t found anything related to passwords there, but correct me if I’m wrong.

I’m not sure if this is related to the latest version: 18.0.6-r0 on alpine 3.12?

Also, how can I link the appdata_oc to the right user? as I have a feeling that on my QA a new appdata_oc directory for my user was created.

Thanks in advance!

I assume that either some tables are missing or the server secret in the config.php does not match.

If you want to copy the passwords database from one server to another, i would recommend looking at the backups and using the server migration guide as an example to move data between servers.

Since you only want a QA environment, i think that in your case it would also be enough to make a backup on the QA system once, export it and then import it every time after you pulled the live data.

To respect the privacy of your users, i would also recommend using the sample data as basis of this dump instead of real user data.

The secret wasn’t matching, it was on purpose since it worked with the previous versions. But it seems that as of 18.0.6-r0 on alpine 3.12 the secret needed to match. Which is a good improvement on the security.

I suppose that the backups and server migration part for passwords app will help with the fact that the secret on another server is different, and thus will allow you to restore those passwords on a different server with a different secret?

My QA is usually just for the automation, but the nextcloud QA is in this case also used to final test upgrades from 1 version to another. But thanks for pointing me to the sample data, it might also be a nice playground! :slight_smile:

PS: I’m currently the only one with my wife to use it, possible family members too in the future, although they don’t mind sharing passwords. But it’s always nice to get my tooling mature enough to someday make it public for others to use or adapt to their needs.

No, the newer encryption in the app itself requires that.

No, backups only contain raw data. Restoring a backup from a different server will overwrite the server secret.

Hello, I am experiencing the same issue after migration. After password reset from CLI, I am getting a notification email about the password change but still unable to log in using new password. Have you found any solution?
Thank you.

I can’t really understand your issue, but i don’t think your problem is in any way related to the contents of this thread. Check the links in the previous responses and if those don’t make any sense to you, open a new thread in the appropriate category.

I needed to be more specific so here is what happened:

  1. Migrated the server following official documentation.
  2. Was unable to log in to the new server.
  3. Reset password using command line.
  4. Got password notification email.
  5. Still unable to log in.

Solved the problem by overwriting these values from old server:
‘instanceid’ => ,
‘passwordsalt’ => ,
‘secret’ => ,

Looks like because I didn’t need to run the maintenance:data-fingerprint command.
Thank you.