Variables

The following configuration variables are available:

Section	Variable	Type	Default value	Description
Top level	`cacheDir`	string	`$XDG_CACHE_HOME/chezmoi` `$HOME/.cache/chezmoi` `%USERPROFILE%/.cache/chezmoi`	Cache directory
	`color`	string	`auto`	Colorize output
	`data`	object	none	Template data
	`destDir`	string	`$HOME` `%USERPROFILE%`	Destination directory
	`encryption`	string	none	Encryption type, either `age` or `gpg`
	`env`	object	none	Extra environment variables for scripts and commands
	`format`	string	`json`	Format for data output, either `json` or `yaml`
	`mode`	string	`file`	Mode in target dir, either `file` or `symlink`
	`pager`	string	`$PAGER`	Default pager CLI command
	`persistentState`	string	`$XDG_CONFIG_HOME/chezmoi/chezmoi.boltdb` `$HOME/.config/chezmoi/chezmoi.boltdb` `%USERPROFILE%/.config/chezmoi/chezmoi.boltdb`	Location of the persistent state file
	`progress`	bool	`false`	Display progress bars
	`scriptEnv`	object	none	Extra environment variables for scripts and commands
	`scriptTempDir`	string	none	Temporary directory for scripts
	`sourceDir`	string	`$XDG_SHARE_HOME/chezmoi` `$HOME/.local/share/chezmoi` `%USERPROFILE%/.local/share/chezmoi`	Source directory
	`tempDir`	string	from system	Temporary directory
	`umask`	int	from system	Umask
	`useBuiltinAge`	string	`auto`	Use builtin age if `age` command is not found in `$PATH`
	`useBuiltinGit`	string	`auto`	Use builtin git if `git` command is not found in `$PATH`
	`verbose`	bool	`false`	Make output more verbose
	`workingTree`	string	source directory	git working tree directory
`add`	`encrypt`	bool	`false`	Encrypt by default
	`secrets`	string	`warning`	Action when secrets are found when adding files
	`templateSymlinks`	bool	`false`	Template symlinks to source and home dirs
`age`	`args`	[]string	none	Extra args to age CLI command
	`command`	string	`age`	age CLI command
	`identities`	[]string	none	age identity files
	`identity`	string	none	age identity file
	`passphrase`	bool	`false`	Use age passphrase instead of identity
	`recipient`	string	none	age recipient
	`recipients`	[]string	none	age recipients
	`recipientsFile`	string	none	age recipients file
	`recipientsFiles`	[]string	none	age recipients files
	`suffix`	string	`.age`	Suffix appended to age-encrypted files
	`symmetric`	bool	`false`	Use age symmetric encryption
`awsSecretsManager`	`profile`	string	none	AWS shared profile name
	`region`	string	none	AWS region
`azureKeyVault`	`defaultVault`	string	none	Default Azure Key Vault name
`bitwarden`	`command`	string	`bw`	Bitwarden CLI command
`bitwardenSecrets`	`command`	string	`bws`	Bitwarden Secrets CLI command
`cd`	`args`	[]string	none	Extra args to shell in `cd` command
	`command`	string	none	Shell to run in `cd` command
`completion`	`custom`	bool	`false`	Enable custom shell completions
`dashlane`	`args`	[]string	none	Extra args to Dashlane CLI command
	`command`	string	`dcli`	Dashlane CLI command
`diff`	`args`	[]string	see `diff`	Extra args to external diff command
	`command`	string	none	External diff command
	`exclude`	[]string	none	Entry types to exclude from diffs
	`pager`	string	none	Diff-specific pager
	`reverse`	bool	`false`	Reverse order of arguments to diff
	`scriptContents`	bool	`true`	Show script contents
`doppler`	`args`	[]string	none	Extra args to Doppler CLI command
	`command`	string	`doppler`	Doppler CLI command
	`config`	string	none	Default config (aka environment) if none is specified
	`project`	string	none	Default project name if none is specified
`edit`	`apply`	bool	`false`	Apply changes on exit
	`args`	[]string	none	Extra args to edit command
	`command`	string	`$EDITOR` / `$VISUAL`	Edit command
	`hardlink`	bool	`true`	Invoke editor with a hardlink to the source file
	`minDuration`	duration	`1s`	Minimum duration for edit command
	`watch`	bool	`false`	Automatically apply changes when files are saved
`ejson`	`key`	string	none	The private key to use for decryption, will supersede using the keyDir if set.
	`keyDir`	string	none	Path to directory containing private keys. Defaults to /opt/ejson/keys. Setting the EJSON_KEYDIR environment will also set this value, with lower precedence.
`git`	`autoAdd`	bool	`false`	Add changes to the source state after any change
	`autoCommit`	bool	`false`	Commit changes to the source state after any change
	`autoPush`	bool	`false`	Push changes to the source state after any change
	`command`	string	`git`	git CLI command
	`commitMessageTemplate`	string	none	Commit message template
	`commitMessageTemplateFile`	string	none	Commit message template file (relative to source directory)
`gitHub`	`refreshPeriod`	duration	`1m`	Minimum duration between identical GitHub API requests
`gopass`	`command`	string	`gopass`	gopass CLI command
`gpg`	`args`	[]string	none	Extra args to GPG CLI command
	`command`	string	`gpg`	GPG CLI command
	`recipient`	string	none	GPG recipient
	`recipients`	[]string	none	GPG recipients
	`suffix`	string	`.asc`	Suffix appended to GPG-encrypted files
	`symmetric`	bool	`false`	Use symmetric GPG encryption
`hcpVaultSecrets`	`applicationName`	string	none	Default application name if none is specified
	`args`	[]string	none	Extra args to HCP Vault Secrets CLI command
	`command`	string	`vlt`	HCP Vault Secrets CLI command
	`organizationId`	string	none	Default organization ID if none is specified
	`projectId`	string	none	Default project ID if none is specified
`hooks`	command`.post.args`	[]string	none	Extra arguments to command to run after command
	command`.post.command`	[]string	none	Command to run after command
	command`.pre.args`	[]string	none	Extra arguments to command to run before command
	command`.pre.command`	[]string	none	Command to run before command
`interpreters`	extension.`args`	[]string	none	See Scripts on Windows
	extension.`command`	string	special	See Scripts on Windows
`keepassxc`	`args`	[]string	none	Extra args to KeePassXC CLI command
	`command`	string	`keepassxc-cli`	KeePassXC CLI command
	`database`	string	none	KeePassXC database
	`mode`	string	`cache-password`	See KeePassXC functions
	`prompt`	bool	`true`	Prompt for password
`keeper`	`args`	[]string	none	Extra args to Keeper CLI command
	`command`	string	`keeper`	Keeper CLI command
`lastpass`	`command`	string	`lpass`	LastPass CLI command
`merge`	`args`	[]string	See `merge`	Extra args to three-way merge CLI command
	`command`	string	none	Three-way merge CLI command
`onepassword`	`cache`	bool	`true`	Enable optional caching provided by `op`
	`command`	string	`op`	1Password CLI command
	`mode`	string	`account`	See 1Password Secrets Automation
	`prompt`	bool	`true`	Prompt for sign-in when no valid session is available
`onepasswordSDK`	`token`	string	none	See 1Password SDK functions
	`tokenEnvVar`	string	none	See 1Password SDK functions
`pass`	`command`	string	`pass`	Pass CLI command
`passhole`	`args`	[]string	none	Extra args to Passhole CLI command
	`command`	string	`ph`	Passhole CLI command
	`prompt`	bool	`true`	Prompt for password
`pinentry`	`args`	[]string	none	Extra args to pinentry CLI command
	`command`	string	none	pinentry CLI command
	`options`	[]string	See `pinentry`	Extra options for pinentry
`rbw`	`command`	string	`rbw`	Unofficial Bitwarden CLI command
`secret`	`args`	[]string	none	Extra args to secret CLI command
	`command`	string	none	Generic secret CLI command
`status`	`exclude`	[]string	none	Entry types to exclude from status
	`pathStyle`	string	`relative`	How to present the path to files in status output
`template`	`options`	[]string	`["missingkey=error"]`	Template options
`textconv`		[]object	none	See textconv
`update`	`apply`	bool	`true`	Apply after pulling
	`args`	[]string	none	Extra args to update command
	`command`	string	none	Update command
	`recurseSubmodules`	bool	`true`	Update submodules recursively
`vault`	`command`	string	`vault`	Vault CLI command
`verify`	`exclude`	[]string	none	Entry types to exclude from verify
`warnings`		object	none	See Warnings