Skip to content


chezmoi supports encrypting files with age and gpg.

Encrypted files are stored in ASCII-armored format in the source directory with the encrypted_ attribute and are automatically decrypted when needed.

Add files to be encrypted with the --encrypt flag, for example:

$ chezmoi add --encrypt ~/.ssh/id_rsa

chezmoi edit will transparently decrypt the file before editing and re-encrypt it afterwards.