diff --git a/docs/how-to/provide-your-passwords.md b/docs/how-to/provide-your-passwords.md index 99b56e49..44bd3314 100644 --- a/docs/how-to/provide-your-passwords.md +++ b/docs/how-to/provide-your-passwords.md @@ -5,7 +5,7 @@ eleventyNavigation: parent: How-to guides order: 2 --- -## Environment variable interpolation +## Providing passwords and secrets to borgmatic If you want to use a Borg repository passphrase or database passwords with borgmatic, you can set them directly in your borgmatic configuration file, @@ -13,6 +13,18 @@ treating those secrets like any other option value. But if you'd rather store them outside of borgmatic, whether for convenience or security reasons, read on. +### Delegating to a another application + +borgmatic supports calling another application such as a password manager to +obtain the borg passphrase to a repository. + +For example, to ask password manager to provide the passphrase: +```yaml +encryption_passcommand: pass path/to/borg-repokey +``` + +### Environment variable interpolation + New in version 1.6.4 borgmatic supports interpolating arbitrary environment variables directly into option values in your configuration file. That means you can instruct borgmatic to @@ -52,7 +64,7 @@ This uses the `MY_DATABASE_PASSWORD` environment variable as your database password. -### Interpolation defaults +#### Interpolation defaults If you'd like to set a default for your environment variables, you can do so with the following syntax: @@ -65,7 +77,7 @@ environment variable is not set. Without a default, if the environment variable doesn't exist, borgmatic will error. -### Disabling interpolation +#### Disabling interpolation To disable this environment variable interpolation feature entirely, you can pass the `--no-environment-interpolation` flag on the command-line.