Encrypted secret
WARNING
To use encryption, you need gnupg installed and a GPG key pair.
The encrypted value is stored in your variable file, but once rendered, the secret is decrypted in the .dots/ directory. Before going further, ensure .dots/ is in your dotfiles repository's .gitignore.
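One way to verify this precondition before linking, as an added example that is not part of Bombadil or its documentation. The function name and the probe file name are hypothetical, and the repository path is supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example: verify that Bombadil's render directory (.dots/) cannot leak
# decrypted secrets into the dotfiles repository.
# Return codes: 0 = safe, 1 = .dots/ is not ignored,
#               2 = files under .dots/ are already tracked,
#               3 = the path is not a git repository.
check_dots_ignored() {
    local repo="${1:-.}"
    local tracked

    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || {
        echo "error: $repo is not a git repository" >&2
        return 3
    }

    # Probe a path inside .dots/ (hypothetical file name; it need not exist).
    # --no-index tests the ignore rules alone, regardless of what is tracked.
    # check-ignore exits 0 only when an ignore rule matches the path.
    if ! git -C "$repo" check-ignore -q --no-index -- .dots/probe; then
        echo "unsafe: .dots/ is not ignored; add '.dots/' to .gitignore" >&2
        return 1
    fi

    # An ignore rule does not untrack files that were added earlier or with
    # 'git add -f', so also look for index entries under .dots/.
    tracked="$(git -C "$repo" ls-files -- .dots)"
    if [ -n "$tracked" ]; then
        echo "unsafe: rendered files under .dots/ are tracked:" >&2
        echo "$tracked" >&2
        echo "untrack with: git rm -r --cached .dots" >&2
        return 2
    fi

    echo "ok: .dots/ is ignored and nothing under it is tracked"
    return 0
}
```

Source the file and call `check_dots_ignored /path/to/dotfiles` before running a link; a non-zero return code means decrypted output could end up in a commit.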
Configuration
Add your GPG user ID to bombadil.toml:

```toml
dotfile_dir = "bombadil-example"
# The gpg user associated with the key pair you want to use
gpg_user_id = "me@example.org"
vars = [ "vars.toml" ]
```
Adding secrets
```bash
bombadil add-secret -k "server_password" -v "hunter2" -f vars.toml
```

Alternatively, if you want to avoid having secrets in your shell history:

```bash
bombadil add-secret -k "server_password" -f vars.toml --ask
```
TIP
Note that from now on bombadil will prompt for your GPG key password each time you link dot entries. Make sure to configure the desired pinentry program in ~/.gnupg/gpg-agent.conf.

```bash
# File: /home/okno/.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-gnome3
# ...
```