When doing an incremental backup, Obnam reads metadata back from the backup repository to determine what it needs to back up. For example, names of files and when they were last modified. The metadata is also encrypted, and Obnam needs to decrypt it to be able to do an incremental backup. That is why Obnam needs the passphrase.

Depending on how your GnuPG and its related agent is configured, you may need to type in the passphrase multiple times during a backup run. This is because the agent may expire the passphrase: it will remember it for, say, five minutes or an hour after you enter the passphrase, but after that you may need to enter the passphrase again. This can be awkward, and if you're not around to enter the passphrase, the backup may be terminated in the middle.

There's two ways around that: you can either configure your GnuPG agent to remember the passphrase for a longer time, possibly indefinitely, or you can use a private key without a passphrase. Neither is unproblematic from a security point of view.

In any case, it's not something that Obnam is part of. Obnam only runs gpg, and if gpg talks to its agent, which asks for a passphrase, or not, depending on the configuration. There's nothing Obnam can do to affect this.