GPG secret

How to setup GPG encryption with Toml Bombadil

Requirement

To use encryption you need to have gnupg installed and a pair of gpg keys.

⚠️ The encrypted value is stored in your variable file, but once rendered the secret is written in clear text to the .dots/ directory. Before going further, make sure .dots is listed in your dotfiles repository's .gitignore.

Configuration

  1. Add your gpg user id to bombadil's config:

    dotfile_dir = "bombadil-example"
    # The gpg user associated with the key pair you want to use
    gpg_user_id = "me@example.org"

    vars = [ "vars.toml" ]

    [settings.dots]
    maven = { source = "maven/settings.xml", target = ".m2/settings.xml"}

Adding secret

    bombadil add-secret -k "server_password" -v "hunter2" -f vars.toml

Alternatively, if you want to avoid having secrets in your shell history, let bombadil prompt for the value:

    bombadil add-secret -k "server_password" -f vars.toml --ask

Use secrets

Once your secret has been added to a variable file you can use it like any other variable:

    <server>
      <id>my.server</id>
      <username>Tom</username>
      <password>{{server_password}}</password>
    </server>

Final steps

Make sure the secret has been written and encrypted:

  1. Get the decrypted value:

    bombadil get secrets

  2. Get the raw encrypted value:

    bombadil get vars | grep server_password

  3. Relink your dotfiles to inject the secret value:

    bombadil link
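The two requirements above (a usable gpg secret key, and .dots ignored by git so the rendered clear-text secret is never committed) can be checked before running add-secret. This is an added example, not part of Bombadil; the function names, the dotfiles path and the user id are assumptions.

```shell
#!/bin/sh
# Pre-flight checks before storing a secret with Toml Bombadil (added example).

# dots_is_ignored GITIGNORE_FILE
# Returns 0 if the file has a line ignoring the .dots directory
# (".dots", ".dots/", "/.dots" or "/.dots/"), 1 otherwise or if it is missing.
# Commented-out ("#.dots") and negated ("!.dots") lines do not count.
dots_is_ignored() {
    gitignore="$1"
    [ -f "$gitignore" ] || return 1
    grep -Eq '^/?\.dots/?[[:space:]]*$' "$gitignore"
}

# has_secret_key GPG_USER_ID
# Returns 0 if a gpg secret key for the user id is available locally.
has_secret_key() {
    gpg --batch --list-secret-keys "$1" >/dev/null 2>&1
}

# preflight DOTFILES_REPO GPG_USER_ID
# Refuses unless both checks pass; prints the reason to stderr.
preflight() {
    repo="$1"
    uid="$2"
    if ! dots_is_ignored "$repo/.gitignore"; then
        echo "refusing: $repo/.gitignore does not ignore .dots (rendered secrets would be committed)" >&2
        return 1
    fi
    if ! has_secret_key "$uid"; then
        echo "refusing: no gpg secret key found for $uid" >&2
        return 1
    fi
    return 0
}

# Usage (paths and user id are assumptions):
# preflight "$HOME/dotfiles" "me@example.org" \
#     && bombadil add-secret -k "server_password" -f vars.toml --ask
```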

That's it! In the next chapter we will take a look at Bombadil profiles and themes.