IMO it would make sense to show the DUID since that has to be passed for static mappings and is also configured on the client side

Ok, that makes sense. Still need to place the tag.

The format I started playing with looks like this:

set system config-management commit-archive 1 username 'xxx'
set system config-management commit-archive 1 password 'xxx'
set system config-management commit-archive 1 scheme 'scp'
set system config-management commit-archive 1 location '192.0.2.1/backup'

I already looked a bit into it. What complicates it is the old location is a multi and one can add a list of locations.

Thanks for the hints, that makes sense. Let's see how that can be implemented :)

Proposal:

set system config-management commit-archive uri "stor01z-cs.int.trae32566.org/cr01b-vyos"
set system config-management commit-archive scheme "sftp"
set system config-management commit-archive username "cr01b"
set system config-management commit-archive password "$T3$TP@$$W0^%"

We could improve it by breaking up configuration, having the user providing a URI, Protocol and optional username/password as separate values.
Then we can properly encode username/password. This would also give more flexibility how username/password are handled and passed on.

In both cases it is kind of an user error, the password would have to be properly url encoded if provided in one (@ should be %40 in an URI, a ! should be %21).