From 41765323173effe8bb7a88d6abb480d90ee8c83f Mon Sep 17 00:00:00 2001 From: axel simon Date: Sat, 30 Dec 2023 23:10:50 +0000 Subject: [PATCH] Update docs/how-to/provide-your-passwords.md Provide an explanation of encryption_passcommand. Also, adjust headers for consistency. --- docs/how-to/provide-your-passwords.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/how-to/provide-your-passwords.md b/docs/how-to/provide-your-passwords.md index 7f92c49..755ee14 100644 --- a/docs/how-to/provide-your-passwords.md +++ b/docs/how-to/provide-your-passwords.md @@ -5,7 +5,7 @@ eleventyNavigation: parent: How-to guides order: 2 --- -## Environment variable interpolation +## Providing passwords and secrets to borgmatic If you want to use a Borg repository passphrase or database passwords with borgmatic, you can set them directly in your borgmatic configuration file, @@ -19,6 +19,18 @@ encryption_passphrase: yourpassphrase But if you'd rather store them outside of borgmatic, whether for convenience or security reasons, read on. +### Delegating to a another application + +borgmatic supports calling another application such as a password manager to +obtain the Borg passphrase to a repository. + +For example, to ask the *Pass* password manager to provide the passphrase: +```yaml +encryption_passcommand: pass path/to/borg-repokey +``` + +### Environment variable interpolation + New in version 1.6.4 borgmatic supports interpolating arbitrary environment variables directly into option values in your configuration file. That means you can instruct borgmatic to @@ -58,7 +70,7 @@ This uses the `YOUR_DATABASE_PASSWORD` environment variable as your database password. -### Interpolation defaults +#### Interpolation defaults If you'd like to set a default for your environment variables, you can do so with the following syntax: @@ -72,7 +84,7 @@ environment variable is not set. Without a default, if the environment variable doesn't exist, borgmatic will error. -### Disabling interpolation +#### Disabling interpolation To disable this environment variable interpolation feature entirely, you can pass the `--no-environment-interpolation` flag on the command-line. @@ -85,7 +97,7 @@ can escape it with a backslash. For instance, if your password is literally encryption_passphrase: \${A}@! ``` -### Related features +## Related features Another way to override particular options within a borgmatic configuration file is to use a [configuration