GPG secret
How to setup GPG encryption with Toml Bombadil
Requirement
To use encryption you need to have gnupg installed and a pair of gpg keys.
⚠️ The encrypted value is stored in your variable file, but once rendered the secret will be in clear text in the .dots/ directory.
Before going further, ensure .dots is in your dotfiles repository's .gitignore.
Configuration
Add your gpg user id to bombadil's config:
dotfile_dir = "bombadil-example"
# The gpg user associated with the key pair you want to use
gpg_user_id = "me@example.org"
vars = [ "vars.toml" ]
[settings.dots]
maven = { source = "maven/settings.xml", target = ".m2/settings.xml"}
Adding secret
bombadil add-secret -k "server_password" -v "hunter2" -f vars.toml
Alternatively, if you want to avoid having the secret in your shell history:
bombadil add-secret -k "server_password" -f vars.toml --ask
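The two preconditions above (the rendered .dots/ directory must be git-ignored, and a gpg key pair must exist for the configured user id) are easy to forget. The following pre-flight script is an added example, not part of Bombadil; the function names, the accepted .gitignore spellings and the repository path are assumptions.

```shell
#!/bin/sh
# Pre-flight checks before storing a secret with Bombadil (added example,
# not Bombadil's own code). Refuses to add a secret unless the rendered
# .dots/ directory is ignored by git and a gpg key pair exists for the
# configured user id.

# Return 0 if the given .gitignore file ignores the .dots directory.
# Accepted spellings (assumption): .dots, .dots/, /.dots, /.dots/
dots_ignored() {
    ignore_file="$1"
    [ -f "$ignore_file" ] || return 1
    # strip trailing whitespace (git ignores it), then require a whole-line match
    sed 's/[[:space:]]*$//' "$ignore_file" | grep -qxE '/?\.dots/?'
}

# Return 0 if gpg knows a secret key for the user id (gpg_user_id in the config).
gpg_key_present() {
    gpg --list-secret-keys "$1" >/dev/null 2>&1
}

# Run both checks, then prompt for the secret; --ask keeps the value out of
# the shell history, as recommended above.
preflight_add_secret() {
    repo="$1"; user_id="$2"; key="$3"; vars_file="$4"
    if ! dots_ignored "$repo/.gitignore"; then
        echo "refusing: .dots is not ignored in $repo/.gitignore" >&2
        return 1
    fi
    if ! gpg_key_present "$user_id"; then
        echo "refusing: no gpg secret key for $user_id" >&2
        return 1
    fi
    (cd "$repo" && bombadil add-secret -k "$key" -f "$vars_file" --ask)
}

# Usage (values taken from the page's example; repo path is an assumption):
# preflight_add_secret ~/dotfiles me@example.org server_password vars.toml
```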
Use secrets
Once your secret has been added to a variable file you can use it as a normal variable:
<server>
<id>my.server</id>
<username>Tom</username>
<password>{{server_password}}</password>
</server>
Final steps
Make sure the secret has been written and encrypted:
- Get the decrypted value:
bombadil get secrets
- Get the raw encrypted value:
bombadil get vars | grep server_password
- Relink your dotfiles to inject the secret value:
bombadil link
That's it! In the next chapter we will take a look at Bombadil profiles and themes.