Skip to content

Variables

The following configuration variables are available:

Section Variable Type Default value Description
Top level cacheDir string $XDG_CACHE_HOME/chezmoi
$HOME/.cache/chezmoi
%USERPROFILE%/.cache/chezmoi
Cache directory
color string auto Colorize output
data object none Template data
destDir string $HOME
%USERPROFILE%
Destination directory
encryption string none Encryption type, either age or gpg
env object none Extra environment variables for scripts and commands
format string json Format for data output, either json or yaml
interactive string false Prompt for all changes
mode string file Mode in target dir, either file or symlink
pager string $PAGER Default pager CLI command
persistentState string $XDG_CONFIG_HOME/chezmoi/chezmoi.boltdb
$HOME/.config/chezmoi/chezmoi.boltdb
%USERPROFILE%/.config/chezmoi/chezmoi.boltdb
Location of the persistent state file
progress bool false Display progress bars
scriptEnv object none Extra environment variables for scripts and commands
scriptTempDir string none Temporary directory for scripts
sourceDir string $XDG_SHARE_HOME/chezmoi
$HOME/.local/share/chezmoi
%USERPROFILE%/.local/share/chezmoi
Source directory
tempDir string from system Temporary directory
umask int from system Umask
useBuiltinAge string auto Use builtin age if age command is not found in $PATH
useBuiltinGit string auto Use builtin git if git command is not found in $PATH
verbose bool false Make output more verbose
workingTree string source directory git working tree directory
add encrypt bool false Encrypt by default
secrets string warning Action when secrets are found when adding files
templateSymlinks bool false Template symlinks to source and home dirs
age args []string none Extra args to age CLI command
command string age age CLI command
identities []string none age identity files
identity string none age identity file
passphrase bool false Use age passphrase instead of identity
recipient string none age recipient
recipients []string none age recipients
recipientsFile string none age recipients file
recipientsFiles []string none age recipients files
suffix string .age Suffix appended to age-encrypted files
symmetric bool false Use age symmetric encryption
awsSecretsManager profile string none AWS shared profile name
region string none AWS region
azureKeyVault defaultVault string none Default Azure Key Vault name
bitwarden command string bw Bitwarden CLI command
bitwardenSecrets command string bws Bitwarden Secrets CLI command
cd args []string none Extra args to shell in cd command
command string none Shell to run in cd command
completion custom bool false Enable custom shell completions
dashlane args []string none Extra args to Dashlane CLI command
command string dcli Dashlane CLI command
diff args []string see diff Extra args to external diff command
command string none External diff command
exclude []string none Entry types to exclude from diffs
pager string none Diff-specific pager
reverse bool false Reverse order of arguments to diff
scriptContents bool true Show script contents
doppler args []string none Extra args to Doppler CLI command
command string doppler Doppler CLI command
config string none Default config (aka environment) if none is specified
project string none Default project name if none is specified
edit apply bool false Apply changes on exit
args []string none Extra args to edit command
command string $EDITOR / $VISUAL Edit command
hardlink bool true Invoke editor with a hardlink to the source file
minDuration duration 1s Minimum duration for edit command
watch bool false Automatically apply changes when files are saved
ejson key string none The private key to use for decryption, will supersede using the keyDir if set.
keyDir string none Path to directory containing private keys. Defaults to /opt/ejson/keys. Setting the EJSON_KEYDIR environment will also set this value, with lower precedence.
git autoAdd bool false Add changes to the source state after any change
autoCommit bool false Commit changes to the source state after any change
autoPush bool false Push changes to the source state after any change
command string git git CLI command
commitMessageTemplate string none Commit message template
commitMessageTemplateFile string none Commit message template file (relative to source directory)
gitHub refreshPeriod duration 1m Minimum duration between identical GitHub API requests
gopass command string gopass gopass CLI command
gpg args []string none Extra args to GPG CLI command
command string gpg GPG CLI command
recipient string none GPG recipient
recipients []string none GPG recipients
suffix string .asc Suffix appended to GPG-encrypted files
symmetric bool false Use symmetric GPG encryption
hcpVaultSecrets applicationName string none Default application name if none is specified
args []string none Extra args to HCP Vault Secrets CLI command
command string vlt HCP Vault Secrets CLI command
organizationId string none Default organization ID if none is specified
projectId string none Default project ID if none is specified
hooks command.post.args []string none Extra arguments to command to run after command
command.post.command []string none Command to run after command
command.pre.args []string none Extra arguments to command to run before command
command.pre.command []string none Command to run before command
interpreters extension.args []string none See Scripts on Windows
extension.command string special See Scripts on Windows
keepassxc args []string none Extra args to KeePassXC CLI command
command string keepassxc-cli KeePassXC CLI command
database string none KeePassXC database
mode string cache-password See KeePassXC functions
prompt bool true Prompt for password
keeper args []string none Extra args to Keeper CLI command
command string keeper Keeper CLI command
lastpass command string lpass LastPass CLI command
merge args []string See merge Extra args to three-way merge CLI command
command string none Three-way merge CLI command
onepassword cache bool true Enable optional caching provided by op
command string op 1Password CLI command
mode string account See 1Password Secrets Automation
prompt bool true Prompt for sign-in when no valid session is available
onepasswordSDK token string none See 1Password SDK functions
tokenEnvVar string none See 1Password SDK functions
pass command string pass Pass CLI command
passhole args []string none Extra args to Passhole CLI command
command string ph Passhole CLI command
prompt bool true Prompt for password
pinentry args []string none Extra args to pinentry CLI command
command string none pinentry CLI command
options []string See pinentry Extra options for pinentry
rbw command string rbw Unofficial Bitwarden CLI command
secret args []string none Extra args to secret CLI command
command string none Generic secret CLI command
status exclude []string none Entry types to exclude from status
pathStyle string relative How to present the path to files in status output
template options []string ["missingkey=error"] Template options
textconv []object none See textconv
update apply bool true Apply after pulling
args []string none Extra args to update command
command string none Update command
recurseSubmodules bool true Update submodules recursively
vault command string vault Vault CLI command
verify exclude []string none Entry types to exclude from verify
warnings object none See Warnings