PyPI - secretzero - Versions diffs - 0.1.1__tar.gz - Mend

secretzero 0.1.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (275) hide show

secretzero-0.1.1/.envrc +7 -0
secretzero-0.1.1/.github/FUNDING.yml +1 -0
secretzero-0.1.1/.github/PULL_REQUEST_TEMPLATE.md +29 -0
secretzero-0.1.1/.github/TEMPLATE_TARGET_IMPLEMENTATION.md +513 -0
secretzero-0.1.1/.github/TEMPLATE_TARGET_QUICK_START.md +251 -0
secretzero-0.1.1/.github/copilot-instructions.md +560 -0
secretzero-0.1.1/.github/dependabot.yml +10 -0
secretzero-0.1.1/.github/prompts/build.yml +63 -0
secretzero-0.1.1/.github/workflows/actionsup.disabled +21 -0
secretzero-0.1.1/.github/workflows/docker.yaml +87 -0
secretzero-0.1.1/.github/workflows/docs.yaml +47 -0
secretzero-0.1.1/.github/workflows/release.yaml +104 -0
secretzero-0.1.1/.github/workflows/test.yaml +55 -0
secretzero-0.1.1/.gitignore +39 -0
secretzero-0.1.1/.gitsecrets.lock +41 -0
secretzero-0.1.1/Dockerfile +55 -0
secretzero-0.1.1/LICENSE +201 -0
secretzero-0.1.1/PKG-INFO +591 -0
secretzero-0.1.1/README.md +507 -0
secretzero-0.1.1/Secretfile.example.yml +203 -0
secretzero-0.1.1/Secretfile.schema.json +416 -0
secretzero-0.1.1/Secretfile.test.yml +104 -0
secretzero-0.1.1/Secretfile.yml +66 -0
secretzero-0.1.1/Taskfile.yml +252 -0
secretzero-0.1.1/configure.sh +24 -0
secretzero-0.1.1/docker-compose.yml +110 -0
secretzero-0.1.1/docs/api-getting-started.md +373 -0
secretzero-0.1.1/docs/development.md +120 -0
secretzero-0.1.1/docs/examples/complete.md +913 -0
secretzero-0.1.1/docs/examples/index.md +426 -0
secretzero-0.1.1/docs/examples/repository.md +675 -0
secretzero-0.1.1/docs/extending.md +288 -0
secretzero-0.1.1/docs/getting-started/concepts.md +986 -0
secretzero-0.1.1/docs/getting-started/first-project.md +861 -0
secretzero-0.1.1/docs/getting-started/index.md +176 -0
secretzero-0.1.1/docs/getting-started/installation.md +438 -0
secretzero-0.1.1/docs/getting-started/quickstart.md +456 -0
secretzero-0.1.1/docs/inc/Secret0_logo.png +0 -0
secretzero-0.1.1/docs/inc/secret0_angel.png +0 -0
secretzero-0.1.1/docs/inc/secret0_angel_small.png +0 -0
secretzero-0.1.1/docs/index.md +302 -0
secretzero-0.1.1/docs/javascripts/mermaid.js +28 -0
secretzero-0.1.1/docs/reference/architecture.md +998 -0
secretzero-0.1.1/docs/reference/changelog.md +429 -0
secretzero-0.1.1/docs/reference/faq.md +934 -0
secretzero-0.1.1/docs/reference/troubleshooting.md +1220 -0
secretzero-0.1.1/docs/schema.md +434 -0
secretzero-0.1.1/docs/status.md +280 -0
secretzero-0.1.1/docs/stylesheets/extra.css +103 -0
secretzero-0.1.1/docs/use-cases/compliance.md +1726 -0
secretzero-0.1.1/docs/use-cases/github-actions.md +892 -0
secretzero-0.1.1/docs/use-cases/gitlab-cicd.md +849 -0
secretzero-0.1.1/docs/use-cases/index.md +99 -0
secretzero-0.1.1/docs/use-cases/jenkins.md +723 -0
secretzero-0.1.1/docs/use-cases/kubernetes.md +1599 -0
secretzero-0.1.1/docs/use-cases/local-development.md +643 -0
secretzero-0.1.1/docs/use-cases/migration.md +2197 -0
secretzero-0.1.1/docs/use-cases/multi-cloud.md +2114 -0
secretzero-0.1.1/docs/use_cases.md +31 -0
secretzero-0.1.1/docs/user-guide/api/authentication.md +554 -0
secretzero-0.1.1/docs/user-guide/api/deployment.md +932 -0
secretzero-0.1.1/docs/user-guide/api/endpoints.md +844 -0
secretzero-0.1.1/docs/user-guide/api/getting-started.md +541 -0
secretzero-0.1.1/docs/user-guide/api/index.md +179 -0
secretzero-0.1.1/docs/user-guide/api/python-client.md +790 -0
secretzero-0.1.1/docs/user-guide/cli/create.md +490 -0
secretzero-0.1.1/docs/user-guide/cli/drift.md +466 -0
secretzero-0.1.1/docs/user-guide/cli/graph.md +461 -0
secretzero-0.1.1/docs/user-guide/cli/index.md +657 -0
secretzero-0.1.1/docs/user-guide/cli/init.md +341 -0
secretzero-0.1.1/docs/user-guide/cli/policy.md +603 -0
secretzero-0.1.1/docs/user-guide/cli/rotate.md +583 -0
secretzero-0.1.1/docs/user-guide/cli/show.md +399 -0
secretzero-0.1.1/docs/user-guide/cli/sync.md +586 -0
secretzero-0.1.1/docs/user-guide/cli/test.md +669 -0
secretzero-0.1.1/docs/user-guide/cli/validate.md +398 -0
secretzero-0.1.1/docs/user-guide/configuration/index.md +552 -0
secretzero-0.1.1/docs/user-guide/configuration/secretfile.md +980 -0
secretzero-0.1.1/docs/user-guide/configuration/validation.md +872 -0
secretzero-0.1.1/docs/user-guide/configuration/variables.md +811 -0
secretzero-0.1.1/docs/user-guide/index.md +306 -0
secretzero-0.1.1/docs/user-guide/providers/aws.md +902 -0
secretzero-0.1.1/docs/user-guide/providers/azure.md +953 -0
secretzero-0.1.1/docs/user-guide/providers/github.md +1062 -0
secretzero-0.1.1/docs/user-guide/providers/gitlab.md +1598 -0
secretzero-0.1.1/docs/user-guide/providers/index.md +447 -0
secretzero-0.1.1/docs/user-guide/providers/jenkins.md +1303 -0
secretzero-0.1.1/docs/user-guide/providers/kubernetes.md +2273 -0
secretzero-0.1.1/docs/user-guide/providers/local.md +456 -0
secretzero-0.1.1/docs/user-guide/providers/vault.md +1360 -0
secretzero-0.1.1/docs/user-guide/targets/aws.md +857 -0
secretzero-0.1.1/docs/user-guide/targets/azure.md +1510 -0
secretzero-0.1.1/docs/user-guide/targets/github.md +1291 -0
secretzero-0.1.1/docs/user-guide/targets/gitlab.md +1498 -0
secretzero-0.1.1/docs/user-guide/targets/index.md +355 -0
secretzero-0.1.1/docs/user-guide/targets/jenkins.md +1326 -0
secretzero-0.1.1/docs/user-guide/targets/kubernetes.md +2409 -0
secretzero-0.1.1/docs/user-guide/targets/local.md +823 -0
secretzero-0.1.1/docs/user-guide/targets/vault.md +1674 -0
secretzero-0.1.1/examples/README.md +404 -0
secretzero-0.1.1/examples/api-example.yml +180 -0
secretzero-0.1.1/examples/aws-only.yml +52 -0
secretzero-0.1.1/examples/compliance.yml +79 -0
secretzero-0.1.1/examples/drift-detection.yml +72 -0
secretzero-0.1.1/examples/github-actions.yml +80 -0
secretzero-0.1.1/examples/gitlab-cicd.md +296 -0
secretzero-0.1.1/examples/jenkins-credentials.md +400 -0
secretzero-0.1.1/examples/kubernetes-basic.yml +114 -0
secretzero-0.1.1/examples/kubernetes-complete.yml +270 -0
secretzero-0.1.1/examples/kubernetes-external-secrets.yml +127 -0
secretzero-0.1.1/examples/kubernetes-multi-namespace.yml +168 -0
secretzero-0.1.1/examples/local-only.yml +73 -0
secretzero-0.1.1/examples/multi-cicd.yml +472 -0
secretzero-0.1.1/examples/multi-cloud.yml +151 -0
secretzero-0.1.1/examples/rotation-policies.yml +123 -0
secretzero-0.1.1/mise.toml +10 -0
secretzero-0.1.1/mkdocs.yml +233 -0
secretzero-0.1.1/project/ROADMAP.md +358 -0
secretzero-0.1.1/project/phase1.md +274 -0
secretzero-0.1.1/project/phase2.md +475 -0
secretzero-0.1.1/project/phase3.md +619 -0
secretzero-0.1.1/project/phase4.md +607 -0
secretzero-0.1.1/project/phase5.md +569 -0
secretzero-0.1.1/project/phase6.md +433 -0
secretzero-0.1.1/project/phase7.md +621 -0
secretzero-0.1.1/project/phase8.md +1 -0
secretzero-0.1.1/pyproject.toml +156 -0
secretzero-0.1.1/scripts/detect-project-secrets.sh +321 -0
secretzero-0.1.1/setup.cfg +4 -0
secretzero-0.1.1/site/404.html +4312 -0
secretzero-0.1.1/site/api-getting-started/index.html +4647 -0
secretzero-0.1.1/site/assets/_mkdocstrings.css +237 -0
secretzero-0.1.1/site/assets/images/favicon.png +0 -0
secretzero-0.1.1/site/assets/javascripts/bundle.79ae519e.min.js +16 -0
secretzero-0.1.1/site/assets/javascripts/bundle.79ae519e.min.js.map +7 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.ar.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.da.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.de.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.du.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.el.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.es.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.fi.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.fr.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.he.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.hi.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.hu.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.hy.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.it.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.ja.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.jp.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.kn.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.ko.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.multi.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.nl.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.no.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.pt.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.ro.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.ru.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.sa.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.stemmer.support.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.sv.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.ta.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.te.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.th.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.tr.min.js +18 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.vi.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/min/lunr.zh.min.js +1 -0
secretzero-0.1.1/site/assets/javascripts/lunr/tinyseg.js +206 -0
secretzero-0.1.1/site/assets/javascripts/lunr/wordcut.js +6708 -0
secretzero-0.1.1/site/assets/javascripts/workers/search.2c215733.min.js +42 -0
secretzero-0.1.1/site/assets/javascripts/workers/search.2c215733.min.js.map +7 -0
secretzero-0.1.1/site/assets/stylesheets/main.484c7ddc.min.css +1 -0
secretzero-0.1.1/site/assets/stylesheets/main.484c7ddc.min.css.map +1 -0
secretzero-0.1.1/site/assets/stylesheets/palette.ab4e12ef.min.css +1 -0
secretzero-0.1.1/site/assets/stylesheets/palette.ab4e12ef.min.css.map +1 -0
secretzero-0.1.1/site/extending/index.html +4569 -0
secretzero-0.1.1/site/getting-started/index.html +4536 -0
secretzero-0.1.1/site/getting-started/installation/index.html +5184 -0
secretzero-0.1.1/site/getting-started/quickstart/index.html +5028 -0
secretzero-0.1.1/site/index.html +4889 -0
secretzero-0.1.1/site/objects.inv +0 -0
secretzero-0.1.1/site/schema/index.html +4865 -0
secretzero-0.1.1/site/search/search_index.json +1 -0
secretzero-0.1.1/site/sitemap.xml +275 -0
secretzero-0.1.1/site/sitemap.xml.gz +0 -0
secretzero-0.1.1/site/stylesheets/extra.css +103 -0
secretzero-0.1.1/site/use_cases/index.html +4360 -0
secretzero-0.1.1/src/secretzero/__init__.py +13 -0
secretzero-0.1.1/src/secretzero/_version.py +34 -0
secretzero-0.1.1/src/secretzero/api/__init__.py +5 -0
secretzero-0.1.1/src/secretzero/api/app.py +654 -0
secretzero-0.1.1/src/secretzero/api/audit.py +107 -0
secretzero-0.1.1/src/secretzero/api/auth.py +70 -0
secretzero-0.1.1/src/secretzero/api/schemas.py +168 -0
secretzero-0.1.1/src/secretzero/api/server.py +64 -0
secretzero-0.1.1/src/secretzero/cli.py +2588 -0
secretzero-0.1.1/src/secretzero/cli_providers.py +491 -0
secretzero-0.1.1/src/secretzero/config.py +134 -0
secretzero-0.1.1/src/secretzero/drift.py +260 -0
secretzero-0.1.1/src/secretzero/generators/__init__.py +17 -0
secretzero-0.1.1/src/secretzero/generators/base.py +52 -0
secretzero-0.1.1/src/secretzero/generators/provider_backed.py +156 -0
secretzero-0.1.1/src/secretzero/generators/random_password.py +67 -0
secretzero-0.1.1/src/secretzero/generators/random_string.py +42 -0
secretzero-0.1.1/src/secretzero/generators/script.py +68 -0
secretzero-0.1.1/src/secretzero/generators/static.py +120 -0
secretzero-0.1.1/src/secretzero/graph.py +414 -0
secretzero-0.1.1/src/secretzero/lockfile.py +225 -0
secretzero-0.1.1/src/secretzero/models.py +149 -0
secretzero-0.1.1/src/secretzero/policy.py +269 -0
secretzero-0.1.1/src/secretzero/providers/__init__.py +24 -0
secretzero-0.1.1/src/secretzero/providers/aws.py +419 -0
secretzero-0.1.1/src/secretzero/providers/azure.py +368 -0
secretzero-0.1.1/src/secretzero/providers/base.py +255 -0
secretzero-0.1.1/src/secretzero/providers/capabilities.py +150 -0
secretzero-0.1.1/src/secretzero/providers/github.py +416 -0
secretzero-0.1.1/src/secretzero/providers/gitlab.py +382 -0
secretzero-0.1.1/src/secretzero/providers/jenkins.py +346 -0
secretzero-0.1.1/src/secretzero/providers/kubernetes.py +381 -0
secretzero-0.1.1/src/secretzero/providers/registry.py +123 -0
secretzero-0.1.1/src/secretzero/providers/vault.py +442 -0
secretzero-0.1.1/src/secretzero/rotation.py +113 -0
secretzero-0.1.1/src/secretzero/sync.py +1104 -0
secretzero-0.1.1/src/secretzero/targets/__init__.py +40 -0
secretzero-0.1.1/src/secretzero/targets/aws.py +283 -0
secretzero-0.1.1/src/secretzero/targets/azure.py +149 -0
secretzero-0.1.1/src/secretzero/targets/base.py +65 -0
secretzero-0.1.1/src/secretzero/targets/file.py +216 -0
secretzero-0.1.1/src/secretzero/targets/github.py +216 -0
secretzero-0.1.1/src/secretzero/targets/gitlab.py +177 -0
secretzero-0.1.1/src/secretzero/targets/jenkins.py +227 -0
secretzero-0.1.1/src/secretzero/targets/kubernetes.py +265 -0
secretzero-0.1.1/src/secretzero/targets/template.py +117 -0
secretzero-0.1.1/src/secretzero/targets/vault.py +164 -0
secretzero-0.1.1/src/secretzero.egg-info/PKG-INFO +591 -0
secretzero-0.1.1/src/secretzero.egg-info/SOURCES.txt +273 -0
secretzero-0.1.1/src/secretzero.egg-info/dependency_links.txt +1 -0
secretzero-0.1.1/src/secretzero.egg-info/entry_points.txt +3 -0
secretzero-0.1.1/src/secretzero.egg-info/requires.txt +76 -0
secretzero-0.1.1/src/secretzero.egg-info/top_level.txt +1 -0
secretzero-0.1.1/tasks/Taskfile.docker.yml +100 -0
secretzero-0.1.1/tasks/Taskfile.git.yml +117 -0
secretzero-0.1.1/tasks/Taskfile.github.yml +53 -0
secretzero-0.1.1/tests/test_api.py +376 -0
secretzero-0.1.1/tests/test_aws_capability_methods.py +337 -0
secretzero-0.1.1/tests/test_azure_capability_methods.py +154 -0
secretzero-0.1.1/tests/test_capabilities.py +343 -0
secretzero-0.1.1/tests/test_cicd_providers.py +553 -0
secretzero-0.1.1/tests/test_cli.py +332 -0
secretzero-0.1.1/tests/test_cli_providers.py +260 -0
secretzero-0.1.1/tests/test_config.py +157 -0
secretzero-0.1.1/tests/test_file_target_validation.py +134 -0
secretzero-0.1.1/tests/test_generators.py +265 -0
secretzero-0.1.1/tests/test_github_capability_methods.py +147 -0
secretzero-0.1.1/tests/test_github_token_info.py +186 -0
secretzero-0.1.1/tests/test_gitlab_capability_methods.py +148 -0
secretzero-0.1.1/tests/test_graph.py +348 -0
secretzero-0.1.1/tests/test_integration_capability_workflows.py +401 -0
secretzero-0.1.1/tests/test_jenkins_capability_methods.py +155 -0
secretzero-0.1.1/tests/test_kubernetes.py +355 -0
secretzero-0.1.1/tests/test_kubernetes_capability_methods.py +174 -0
secretzero-0.1.1/tests/test_lockfile.py +142 -0
secretzero-0.1.1/tests/test_lockfile_partial_success.py +60 -0
secretzero-0.1.1/tests/test_lockfile_rotation.py +168 -0
secretzero-0.1.1/tests/test_models.py +162 -0
secretzero-0.1.1/tests/test_policy.py +342 -0
secretzero-0.1.1/tests/test_provider_backed_generator.py +397 -0
secretzero-0.1.1/tests/test_providers.py +309 -0
secretzero-0.1.1/tests/test_rotation.py +150 -0
secretzero-0.1.1/tests/test_static_empty_values.py +73 -0
secretzero-0.1.1/tests/test_sync_by_name.py +207 -0
secretzero-0.1.1/tests/test_targets.py +228 -0
secretzero-0.1.1/tests/test_template_target.py +329 -0
secretzero-0.1.1/tests/test_vault_capability_methods.py +348 -0
secretzero-0.1.1/uv.lock +1998 -0

secretzero-0.1.1/.envrc ADDED Viewed

@@ -0,0 +1,7 @@
+#!/bin/bash
+# This script sets environment variables from a .env file if it exists.
+set -a
+if [ -f .env ]; then
+  source .env
+fi
+set +a

secretzero-0.1.1/.github/FUNDING.yml ADDED Viewed

	@@ -0,0 +1 @@
1	+ github: [zloeber]

secretzero-0.1.1/.github/PULL_REQUEST_TEMPLATE.md ADDED Viewed

@@ -0,0 +1,29 @@
+## Description
+[Provide a detailed description of the changes in this PR]
+## Related Issues
+[Link to related issues using #issue-number format]
+## Documentation PR
+[Link to related associated PR in the repo]
+## Type of Change
+- Bug fix
+- New feature
+- Breaking change
+- Documentation update
+- Other (please describe):
+[Choose one of the above types of changes]
+## Testing
+[How have you tested the change?]
+## Checklist
+- [ ] I have added tests that prove my fix is effective or my feature works
+- [ ] I have updated the documentation accordingly
+- [ ] I have added an appropriate example to the documentation to outline the feature
+- [ ] My changes generate no new warnings
+- [ ] Any dependent changes have been merged and published
+By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

secretzero-0.1.1/.github/TEMPLATE_TARGET_IMPLEMENTATION.md ADDED Viewed

@@ -0,0 +1,513 @@
+# Jinja2 Template Target Implementation
+## Overview
+I've successfully implemented a Jinja2 template target for SecretZero that allows you to:
+- Define Jinja2 templates in your repository
+- Process them with secrets to generate configuration files
+- Support conditional logic, loops, and Jinja2 filters
+## What Was Implemented
+### 1. Template Target Class (`src/secretzero/targets/template.py`)
+A new target type that renders Jinja2 templates with secret values:
+```python
+class TemplateTarget(BaseTarget):
+    """Render Jinja2 templates with secret values."""
+```
+**Key Features:**
+- Validates required config (template_path, output_path)
+- Collects secrets during sync
+- Renders templates with all collected secrets as context
+- Creates parent directories automatically
+- Proper error handling with clear messages
+- Full Jinja2 feature support (filters, conditionals, loops)
+### 2. Integration with SecretZero
+- Registered in `src/secretzero/targets/__init__.py`
+- Updated `src/secretzero/sync.py` to:
+  - Import TemplateTarget
+  - Handle template targets in `_retrieve_from_target()`
+  - Handle template targets in `_store_in_target()`
+  - Track collected secrets for templates
+  - Call rendering after all secrets are synced via new `_render_template_targets()` method
+- Uses existing `TEMPLATE = "template"` enum value in `TargetKind`
+### 3. Comprehensive Tests (15 new tests)
+All passing in `tests/test_template_target.py`:
+- Basic initialization and validation
+- Template rendering with different Jinja2 features
+- Error handling (missing files, invalid syntax)
+- Directory creation
+- File overwriting
+- Jinja2 filters, conditionals, and loops
+## How to Use
+### 1. Create a Jinja2 Template File
+```jinja2
+{# config.j2 #}
+# Database Configuration
+export DB_HOST={{ DB_HOST }}
+export DB_USER={{ DB_USER }}
+export DB_PASS={{ DB_PASSWORD }}
+# API Configuration
+{% if ENV == 'production' %}
+export DEBUG=False
+export LOG_LEVEL=WARNING
+{% else %}
+export DEBUG=True
+export LOG_LEVEL=DEBUG
+{% endif %}
+# Additional servers
+servers:
+{% for server in SERVERS.split(',') %}
+  - {{ server }}
+{% endfor %}
+```
+### 2. Define in Secretfile.yml
+```yaml
+version: "1.0"
+secrets:
+  - name: DB_HOST
+    kind: static
+    config:
+      value: "localhost"
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.j2"
+          output_path: ".env"
+  - name: DB_USER
+    kind: static
+    config:
+      value: "admin"
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.j2"
+          output_path: ".env"
+  - name: DB_PASSWORD
+    kind: random_password
+    config:
+      length: 32
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.j2"
+          output_path: ".env"
+  - name: ENV
+    kind: static
+    config:
+      value: "development"
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.j2"
+          output_path: ".env"
+  - name: SERVERS
+    kind: static
+    config:
+      value: "server1.example.com,server2.example.com"
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.j2"
+          output_path: ".env"
+```
+### 3. Run Sync
+```bash
+secretzero sync -f Secretfile.yml
+```
+This will:
+1. Generate/retrieve all secrets
+2. Collect them for each template target
+3. Render the templates with those secrets
+4. Write output files (.env in this example)
+## Template Syntax
+### Access Secrets
+Both of these work:
+```jinja2
+{{ DB_HOST }}           # Direct access
+{{ secrets.DB_HOST }}   # Dict access (recommended for clarity)
+```
+### Jinja2 Features
+**Conditionals:**
+```jinja2
+{% if ENV == 'production' %}
+DEBUG=False
+{% else %}
+DEBUG=True
+{% endif %}
+```
+**Loops:**
+```jinja2
+{% for host in HOSTS.split(',') %}
+- {{ host }}
+{% endfor %}
+```
+**Filters:**
+```jinja2
+{{ API_KEY | upper }}       # Uppercase
+{{ API_KEY | length }}      # Length
+{{ DB_PASS | string }}      # Convert to string
+```
+**Default Values:**
+```jinja2
+{{ DB_PORT | default('5432') }}
+```
+**Multi-line:**
+```jinja2
+{% if ENABLED | bool %}
+enabled = true
+{% endif %}
+```
+## Configuration Options
+| Option | Type | Required | Default | Description |
+|--------|------|----------|---------|-------------|
+| `template_path` | string | Yes | - | Path to Jinja2 template file (relative or absolute) |
+| `output_path` | string | Yes | - | Path where rendered file will be written |
+| `overwrite` | boolean | No | true | Whether to overwrite existing output file |
+## How It Works
+### Architecture Flow
+```
+Secretfile.yml
+    ↓
+Generate/retrieve secrets for "template" targets
+    ↓
+Collect secrets in _template_targets (keyed by output_path)
+    ↓
+After all secrets synced:
+    ↓
+Call _render_template_targets()
+    ↓
+For each template target:
+  - Load Jinja2 template
+  - Render with collected secrets
+  - Write to output_path
+    ↓
+Update lockfile
+```
+### Key Implementation Details
+1. **Collection Phase**: When `_store_in_target()` is called for a template target, secrets are collected in memory (not written immediately)
+2. **Rendering Phase**: After all secrets are synced, `_render_template_targets()` renders all templates together with their collected secrets
+3. **Context Data**: Templates have access to:
+   - Direct variable access: `{{ SECRET_NAME }}`
+   - Dict access: `{{ secrets.SECRET_NAME }}`
+   - Full dictionary: `secrets` variable contains all secrets
+4. **Error Handling**: If template rendering fails:
+   - Clear error message is returned
+   - Sync continues with other targets
+   - Error is reported in sync results
+## Advanced Examples
+### Environment-Specific Configuration
+```yaml
+secrets:
+  - name: APP_CONFIG
+    kind: static
+    config:
+      value: "prod"
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.template.j2"
+          output_path: "config.yml"
+  - name: DB_CONNECTION_STRING
+    kind: random_string
+    config:
+      length: 32
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.template.j2"
+          output_path: "config.yml"
+```
+**config.template.j2:**
+```yaml
+application:
+  name: myapp
+  environment: {{ APP_CONFIG }}
+database:
+  connection_string: {{ DB_CONNECTION_STRING }}
+{% if APP_CONFIG == 'prod' %}
+  timeout: 30
+  pool_size: 20
+{% else %}
+  timeout: 5
+  pool_size: 5
+{% endif %}
+```
+### Multi-format Configuration
+Generate both `.env` and `config.json` from the same secrets:
+```yaml
+secrets:
+  - name: API_KEY
+    kind: random_string
+    config:
+      length: 32
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "env.template.j2"
+          output_path: ".env"
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.template.j2"
+          output_path: "config.json"
+```
+## Requirements
+### Dependencies
+Jinja2 must be available (included in SecretZero by default):
+```bash
+pip install secretzero
+# or
+pip install jinja2
+```
+### File Permissions
+- Read access to template files
+- Write access to output directories
+## Testing
+Run the template target tests:
+```bash
+pytest tests/test_template_target.py -v
+```
+All 241 tests pass (15 new template tests + 226 existing tests).
+## Integration with Existing Features
+### With Lockfile Tracking
+Template targets are tracked in the lockfile like other targets:
+- Rotation history recorded
+- Change detection supported
+- Drift detection compatible
+### With Rotation Policies
+Template targets support rotation:
+```yaml
+secrets:
+  - name: API_KEY
+    kind: random_string
+    rotation_period: 30
+    config:
+      length: 32
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "config.j2"
+          output_path: "app_config.json"
+```
+### With Dry-Run
+Test template rendering without writing files:
+```bash
+secretzero sync -f Secretfile.yml --dry-run
+```
+## Troubleshooting
+### Template File Not Found
+```
+Failed to render template: Template file not found: /path/to/template.j2
+```
+**Solution:** Verify template_path is correct (absolute or relative to where sync is run)
+### Undefined Variable in Template
+```
+Template rendering failed: ... undefined variable ...
+```
+**Solution:** Ensure all variables used in template are defined as secrets with template targets
+### Invalid Jinja2 Syntax
+```
+Template rendering failed: ... 'nonexistent_filter' is undefined
+```
+**Solution:** Check Jinja2 filter names and syntax
+### Permission Denied
+```
+Failed to render template: ... Permission denied ...
+```
+**Solution:** Verify write permissions on output directory
+## Future Enhancements
+Potential features (not yet implemented):
+- Variable scope/namespacing
+- Template inheritance
+- Custom Jinja2 filters
+- Template validation before rendering
+- Template version tracking
+- Multiple template rendering per secret
+## Files Changed
+### New Files
+- `src/secretzero/targets/template.py` - TemplateTarget implementation
+- `tests/test_template_target.py` - 15 comprehensive tests
+### Modified Files
+- `src/secretzero/targets/__init__.py` - Added TemplateTarget import and export
+- `src/secretzero/sync.py` - Added template target handling in sync engine
+### Test Results
+- ✅ All 241 tests passing (15 new + 226 existing)
+- ✅ 98% coverage for template.py
+- ✅ No regressions in existing functionality
+## Example Complete Secretfile
+```yaml
+version: "1.0"
+secrets:
+  # Database credentials
+  - name: db_host
+    kind: static
+    config:
+      value: "postgres.example.com"
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "templates/docker-compose.j2"
+          output_path: "docker-compose.yml"
+  - name: db_user
+    kind: static
+    config:
+      value: "appuser"
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "templates/docker-compose.j2"
+          output_path: "docker-compose.yml"
+  - name: db_password
+    kind: random_password
+    config:
+      length: 32
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "templates/docker-compose.j2"
+          output_path: "docker-compose.yml"
+  # API secrets
+  - name: api_key
+    kind: random_string
+    config:
+      length: 64
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "templates/api-config.j2"
+          output_path: ".env.local"
+  - name: environment
+    kind: static
+    config:
+      value: "development"
+    targets:
+      - provider: local
+        kind: template
+        config:
+          template_path: "templates/api-config.j2"
+          output_path: ".env.local"
+```
+**templates/docker-compose.j2:**
+```yaml
+version: '3.9'
+services:
+  postgres:
+    image: postgres:15
+    environment:
+      POSTGRES_USER: {{ db_user }}
+      POSTGRES_PASSWORD: {{ db_password }}
+      POSTGRES_HOST_NAME: {{ db_host }}
+    ports:
+      - "5432:5432"
+```
+**templates/api-config.j2:**
+```bash
+# Generated configuration file
+API_KEY={{ api_key }}
+ENVIRONMENT={{ environment }}
+DEBUG={% if environment == 'development' %}true{% else %}false{% endif %}
+```
+This provides a complete, production-ready template target implementation integrated with SecretZero's architecture!