provide-your-passwords.md 2.0 KB
title: How to provide your passwords eleventyNavigation: key: 🔒 Provide your passwords parent: How-to guides
order: 2
If you want to use a Borg repository passphrase or database passwords with borgmatic, you can set them directly in your borgmatic configuration file, treating those secrets like any other option value. For instance, you can specify your Borg passhprase with:
encryption_passphrase: yourpassphrase
But if you'd rather store them outside of borgmatic, whether for convenience or security reasons, read on.
Delegating to another application
borgmatic supports calling another application such as a password manager to obtain the Borg passphrase to a repository.
For example, to ask the Pass password manager to provide the passphrase:
encryption_passcommand: pass path/to/borg-passphrase
New in version 1.9.9 Instead of letting Borg run the passcommand—potentially multiple times since borgmatic runs Borg multiple times—borgmatic now runs the passcommand itself and passes the resulting passphrase securely to Borg via an anonymous pipe. This means you should only ever get prompted for your password manager's passphrase at most once per borgmatic run.
Using external credentials
New in version 1.9.10 Several borgmatic options support reading their values directly from an external credential store or service. See the credentials documentation for details.
Using environment variables
Another way to get passwords into your configuration file is by interpolating arbitrary environment variables directly into option values.