diff --git a/example/some-api/some-api.yaml b/example/some-api/some-api.yaml
index 6f6a29a15..57ab7c652 100644
--- a/example/some-api/some-api.yaml
+++ b/example/some-api/some-api.yaml
@@ -1,4 +1,11 @@
 ---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secret-certificate
+data:
+  cert.pem: {{ passLookup "my/secret/certificate" | b64enc }}
+---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
diff --git a/templater/pass.go b/templater/pass.go
new file mode 100644
index 000000000..f1dc82986
--- /dev/null
+++ b/templater/pass.go
@@ -0,0 +1,32 @@
+// This file contains the implementation of a template function for retrieving variables from 'pass', the standard UNIX
+// password manager.
+package templater
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+
+	"github.com/polydawn/meep"
+)
+
+type PassError struct {
+	meep.TraitAutodescribing
+	meep.TraitCausable
+	Output string
+}
+
+func GetFromPass(key string) (string, error) {
+	fmt.Fprintf(os.Stderr, "Attempting to look up %s in pass\n", key)
+	pass := exec.Command("pass", "show", key)
+
+	output, err := pass.CombinedOutput()
+	if err != nil {
+		return "", meep.New(
+			&PassError{Output: string(output)},
+			meep.Cause(err),
+		)
+	}
+
+	return string(output), nil
+}
diff --git a/templater/templater.go b/templater/templater.go
index fc7433ff1..5e38ddf89 100644
--- a/templater/templater.go
+++ b/templater/templater.go
@@ -158,6 +158,7 @@ func templateFuncs() template.FuncMap {
 		b, _ := json.Marshal(data)
 		return string(b)
 	}
+	m["passLookup"] = GetFromPass
 
 	return m
 }