From 429007f7f3e948069a20fc48b7291eaddaae5dc8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Fri, 18 Aug 2023 18:10:55 +0200
Subject: [PATCH] document templates

---
 README.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/README.md b/README.md
index 7ae3dad..9508160 100644
--- a/README.md
+++ b/README.md
@@ -931,6 +931,30 @@ securely in your version control, e.g.
 [git-agecrypt](https://github.com/vlaci/git-agecrypt). These types of solutions
 can be used together with sops-nix.
 
+## Templates
+
+If you need secrets in a configuration file you can use the template feature to interpolate them:
+
+```nix
+{
+ sops.secrets.your-secret = { };
+ # At activation file, sops-nix will replace the placeholder with the configuration content
+ sops.templates."your-config-with-secrets.toml".content = ''
+ password = "${config.sops.placeholder.your-secret}"
+ '';
+ sops.templates."your-config-with-secrets.toml".owner = "servicuser";
+
+ systemd.services.myservice = {
+ # ...
+ serviceConfig = {
+ # you can refer to the rendered configuration with the secrets using the .path attribute.
+ ExecStart = "${pkgs.myservice}/bin/myservice --config ${config.sops.templates."your-config-with-secrets.toml".path}";
+ User = "serviceuser"
+ };
+ };
+}
+```
+
 ## Related projects