Closed detzen closed 1 year ago
If I'm not mistaken, the secret template functions are intended to be used to decrypt secrets in your secret manager.
{{ secret "to be encrypted" }}
roughly translates to
❯ <secret.command> <secret.args> "to be encrypted"
secret.command and secret.args should be set up to allow generic access to the secret manager, with specific arguments for each item passed inside the template, e.g.
# chezmoi config
secret:
  command: "secret-manager"
  args: "get"
# template
{{ secret "password" "github" }}
# rough command equivalent
❯ secret-manager get "password" "github"
# template
{{ secret "username" "email" }}
# rough command equivalent
❯ secret-manager get "username" "email"
If you use any of the secret managers listed here
info 1password-command op not found in $PATH
info bitwarden-command bw not found in $PATH
info gopass-command gopass not found in $PATH
info keepassxc-command keepassxc-cli not found in $PATH
info keepassxc-db not set
info keeper-command keeper not found in $PATH
info lastpass-command lpass not found in $PATH
info pass-command pass not found in $PATH
info passhole-command ph not found in $PATH
info vault-command vault not found in $PATH
you should use the corresponding template functions instead of the generic secret.
Exactly as @bradenhilton, the custom secret command is for when you're not using one of chezmoi's supported password managers.
There are example secret.command and secret.args values in chezmoi's user manual.
Ah, okay. Many thanks for your detailed explanation. Regards, Alex
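The behaviour described in the replies above, as an added Go example (not part of the thread and not chezmoi's own code): a template function that runs the configured command with the configured args followed by the per-item template arguments, trims the output, and fails when no command is configured. The names secretConfig, secretFunc and render are hypothetical, and echo is a constructed stand-in for a real secret manager so the resulting argument list is visible.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"os/exec"
	"strings"
	"text/template"
)

// secretConfig mirrors the two settings discussed above (secret.command, secret.args).
type secretConfig struct {
	Command string
	Args    []string
}

// secretFunc builds a template function that runs Command with Args followed by
// the per-item template arguments and trims leading and trailing whitespace.
func secretFunc(cfg secretConfig) func(...string) (string, error) {
	return func(tmplArgs ...string) (string, error) {
		if cfg.Command == "" {
			// Same situation as the "no command" error quoted in the question.
			return "", errors.New("no command")
		}
		argv := append(append([]string{}, cfg.Args...), tmplArgs...)
		// Each value is its own argv entry, so no shell parses the arguments.
		out, err := exec.Command(cfg.Command, argv...).Output()
		if err != nil {
			return "", fmt.Errorf("%s: %w", cfg.Command, err)
		}
		return string(bytes.TrimSpace(out)), nil
	}
}

// render executes a template text with the secret function bound to cfg.
func render(cfg secretConfig, text string) (string, error) {
	funcs := template.FuncMap{"secret": secretFunc(cfg)}
	t, err := template.New("dotfile").Funcs(funcs).Parse(text)
	if err != nil {
		return "", err
	}
	var buf strings.Builder
	err = t.Execute(&buf, nil)
	return buf.String(), err
}

func main() {
	cfg := secretConfig{Command: "echo", Args: []string{"get"}} // constructed stand-in
	fmt.Println(render(cfg, `token={{ secret "password" "github" }}`))
	fmt.Println(render(secretConfig{}, `{{ secret "password" }}`))
}
```

The plaintext value only exists in the rendered output; the template file itself holds just the lookup arguments.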
What exactly are you trying to do?
I try to use the "secret" function in a template file as presented in your "Conf42 Open Source Showcase 2020". Unfortunately, I can't find information on how exactly to configure this.
What have you tried so far?
Here's a simple example:
In the documentation, you stated: "secret returns the output of the generic secret command defined by the secret.command configuration variable with secret.args and args with leading and trailing whitespace removed."
Thus, error "no command" is clear, because "secret" isn't set per default in the configuration:
Can you please give a hint, which command could be used and configured for encryption? Is "secret" only used for decryption and I have to adjust 'args' to this? I think encrypting the password must be done manually before inserting it into the *.tmpl file. Is this correct?
Where else have you checked for solutions?
Output of any commands you've tried with --verbose flag
Output of chezmoi doctor
source-dir and working tree is dirty, because I did not commit, for testing purposes.
Additional context
none