twpayne / chezmoi

Manage your dotfiles across multiple diverse machines, securely.
https://www.chezmoi.io/
MIT License

Decrypt / set data in init process #3087

Closed kboshold closed 1 year ago

kboshold commented 1 year ago

What exactly are you trying to do?

I have two files with YAML data, personal_data.yaml.age and work_data.yaml.age. Now I want to include the correct file/data during init. Therefore I have a promptString to ask for the mode, which is stored as .opt.mode. Now I want to decrypt my *.age files and include the data for the templates / persist them on the system.

What have you tried so far?

I created a script run_once_before_100.decrypt.sh.tmpl to decrypt my key.txt.age:

#!/bin/sh

# check key.txt exists
if [ ! -f "{{ .chezmoi.sourceDir }}/.key.txt" ]; then
  # check if should decrypt
  if test "{{ .opts.decrypt_data }}" = "true"; then
    # only decrypt when age is installed (POSIX redirection; &> is a bashism under /bin/sh)
    if command -v age > /dev/null 2>&1; then
      age --decrypt --output "{{ .chezmoi.sourceDir }}/.key.txt" "{{ .chezmoi.sourceDir }}/key.txt.age"
      chmod 600 "{{ .chezmoi.sourceDir }}/.key.txt"
    fi
  fi
fi

Then I created a script run_once_before_200.data.sh.tmpl to set the data:

#!/usr/bin/env bash

{{ $data := false }}
{{- if eq .opts.mode "personal" -}}
{{-     $data = (joinPath .chezmoi.sourceDir ".personal_data.yaml.age" | include | decrypt | fromYaml) -}}
{{- else if eq .opts.mode "work" -}}
{{-     $data = (joinPath .chezmoi.sourceDir ".work_data.yaml.age" | include | decrypt | fromYaml) -}}
{{- end -}}

# write to file
{{ if $data }}
# quoted delimiter: the shell must not expand $ or backticks in the decrypted values
cat << 'EOF' > "{{ .chezmoi.sourceDir }}/.chezmoidata.yaml"
git:
    user: {{ $data.git.user }}
    email: {{ $data.git.email }}
EOF
{{- end -}}

Now I have initialized this on the new system... Now I get an error that .git.user was not defined. A file .chezmoidata.yaml with the correct values was created. If I apply the templates again, everything works fine now.

Hence my actual question: How can I set/update the data in the . context during initialization?

Is there something like? (Ofc the following does not work)

{{ .git.user := $git_user }}

Where else have you checked for solutions?

twpayne commented 1 year ago

Your approach will not work. .chezmoidata.yaml is read before chezmoi runs any scripts. You need to use a different approach.

kboshold commented 1 year ago

@twpayne But is there a way to set ".git.user" in the template maybe? Or do you have an idea how I could implement it? 🤔

twpayne commented 1 year ago

You can set .git.user in the data section of chezmoi's config file.

kboshold commented 1 year ago

So there is no recommended way? I followed the FAQ for encryption (https://www.chezmoi.io/user-guide/frequently-asked-questions/encryption/#how-do-i-configure-chezmoi-to-encrypt-files-but-only-request-a-passphrase-the-first-time-chezmoi-init-is-run).

Therefore I have a "run_" script and this will execute after the chezmoi config file. So I can't do it in the chezmoi config file.

kboshold commented 1 year ago

@twpayne In itself the only relevant question is:

Is there a way in a script (run_before_ prefix) to set the data in the . context or will there be one in the future e.g. {{ .git.user = "test" }}?

twpayne commented 1 year ago

> Is there a way in a script (run_before_ prefix) to set the data in the . context or will there be one in the future e.g. {{ .git.user = "test" }}?

No.

Use the config file template feature instead.

kboshold commented 1 year ago

@twpayne But I am not able to decrypt my key.txt.age key in this template or can I? (This one: https://www.chezmoi.io/user-guide/frequently-asked-questions/encryption/#how-do-i-configure-chezmoi-to-encrypt-files-but-only-request-a-passphrase-the-first-time-chezmoi-init-is-run)

twpayne commented 1 year ago

> @twpayne But I am not able to decrypt my key.txt.age key in this template or can I?

You can probably use a call to the output template function with arguments that have the side effect of decrypting your key.

The reason you are having difficulty with chezmoi is that you are trying to impose a workflow that chezmoi is not designed for, i.e. you're holding it wrong. If you adapt the workflow that chezmoi is designed for you will have a much easier time. The amount of further support that I can provide you is limited.
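
Added example, not part of the thread and not the chezmoi project's own code: one way the config file template approach suggested above could look, as a `.chezmoi.yaml.tmpl` that prompts for the mode, decrypts the key through `output`, and fills the `data` section before any script runs. It assumes the file names from the issue's scripts, that `.chezmoi.sourceDir` is set in the config template, that `age` can ask for the passphrase on the terminal when started through `output`, and a placeholder recipient; the `$` variable names are illustrative.

```yaml
{{- /* .chezmoi.yaml.tmpl: evaluated by chezmoi init, before any run_ script */ -}}
{{- $mode := promptString "mode (personal or work)" -}}
{{- /* Reject anything else so $mode cannot steer the file name built below */ -}}
{{- if not (has $mode (list "personal" "work")) -}}
{{-   fail "mode must be personal or work" -}}
{{- end -}}

{{- /* Paths as used in the issue's scripts (assumed layout) */ -}}
{{- $key := joinPath .chezmoi.sourceDir ".key.txt" -}}
{{- $encryptedKey := joinPath .chezmoi.sourceDir "key.txt.age" -}}

{{- /* First init only: decrypt the identity as a side effect of output */ -}}
{{- if not (stat $key) -}}
{{-   $_ := output "age" "--decrypt" "--output" $key $encryptedKey -}}
{{-   $_ = output "chmod" "600" $key -}}
{{- end -}}

{{- /* Decrypt the selected data file to stdout and parse it in memory */ -}}
{{- $file := joinPath .chezmoi.sourceDir (printf ".%s_data.yaml.age" $mode) -}}
{{- $data := output "age" "--decrypt" "--identity" $key $file | fromYaml -}}

encryption: age
age:
  identity: {{ $key | quote }}
  # placeholder, replace with the public key that matches key.txt
  recipient: "AGE_RECIPIENT_PLACEHOLDER"
data:
  opts:
    mode: {{ $mode | quote }}
  git:
    user: {{ $data.git.user | quote }}
    email: {{ $data.git.email | quote }}
```

The decrypted values end up in plaintext in the generated config file, and `.key.txt` sits in the source directory as in the issue, so it should be listed in `.gitignore`.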