Feature Request: Support global config file for machine-wide secrets

[koh-sh]

For machine-wide secrets like AWS CLI credentials, it would be helpful to support a global config file such as ~/.config/fnox/config.toml (similar to mise's global config), with project-level secrets overriding global ones.

[jdx]

This feature has been implemented in PR #128! 🎉

The global config file at ~/.config/fnox/config.toml (or $FNOX_CONFIG_DIR/config.toml) is now supported as a base configuration that gets merged with project-level configs.

Key points:

• Global config has the lowest priority - project configs always override it
• Works with config recursion (parent → child override order preserved)
• Global config is loaded even when root=true is set
• All config features work (providers, secrets, profiles, etc.)

Example usage:

# ~/.config/fnox/config.toml
[providers.aws-secrets]
type = "aws-sm"
region = "us-east-1"

[secrets]
AWS_ACCESS_KEY_ID = { provider = "aws-secrets", value = "my-aws-key-id" }
AWS_SECRET_ACCESS_KEY = { provider = "aws-secrets", value = "my-aws-secret" }

Thanks for the suggestion!

[koh-sh]

Thank you!!

[silopolis]

Awesome!