Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: reference templates in top-level passwd mgmt #4162

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 28 additions & 5 deletions assets/chezmoi.io/docs/user-guide/password-managers/index.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,29 @@
# Password manager integration
# Password Manager Integration

Template functions allow you to retrieve secrets from many popular password
managers. Using a password manager allows you to keep all your secrets in one
place, make your dotfiles repo public, and synchronize changes to secrets
across multiple machines.
Using a password manager with Chezmoi enables you to maintain a public
dotfiles repository while keeping your secrets secure. Chezmoi extends its
existing [templating capabilities](../templating.md) by providing password
manager specific _template functions_ for many popular password managers.

When Chezmoi applies a template with a secret referenced from a password
manager, it will automatically fetch the secret value and insert it into the
generated destination file.

## Example: Template with Password Manager Integration

Here's a practical example of a `.zshrc.tmpl` file that retrieves an CloudFlare
API token from 1Password while maintaining other standard shell configurations:

```zsh
# set up $PATH
# …

# Cloudflare API Token retrieved from 1Password for use with flarectl
export CF_API_TOKEN='{{ onepasswordRead "op://Personal/cloudlfare-api-token/password" }}'

# set up aliases and useful functions
```

In this example, the `CF_API_TOKEN` is retrieved from a 1Password vault
named `Personal`, specifically from an item called `cloudflare-api-token` in the
`password` field.