From 8f9cfaa3260075d3c1ccda10eb845b5fe6902589 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Sat, 25 Jun 2016 15:18:08 +0200
Subject: [PATCH] Documented env-template function

---
 README.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/README.md b/README.md
index b7e3d81..a3d9f0c 100644
--- a/README.md
+++ b/README.md
@@ -6,3 +6,23 @@
 # Luzifer / duplicity-backup
 
 `duplicity-backup` is a wrapper to execute a duplicity backup using a configuration file. It is designed to simplify handling backups on and restores from remote targets. All information required for the backup is set using the configuration file. Also the wrapper notifies targets (slack / [mondash](https://mondash.org/)) about successful and failed backups.
+
+## Using without writing passwords to disk
+
+Starting with version `v0.7.0` the `duplicity-backup` wrapper supports reading variables from the environment instead of writing the secrets to your disk. In every section of the file you can use the function `{{env "encrypt-password"}}` to read configuration options from the environment. As an example you could utilize [`vault2env`](https://gobuilder.me/github.com/Luzifer/vault2env) to set those variables from a Vault instance:
+
+```bash
+# vault write /secret/backups/mybackup encrypt-password=bVFq5jdyvkHD6VCvSQUY
+Success! Data written to: secret/backups/mybackup
+
+# cat ~/.duplicity.yaml
+[...]
+encryption:
+  enable: true
+  passphrase: {{env `encrypt-password`}}
+[...]
+
+# vault2env /secret/backups/mybackup -- duplicity-backup -f ~/.duplicity.yaml backup
+(2016-06-25 15:07:06) ++++ duplicity-backup v0.7.0 started with command 'backup'
+[...]
+```