What I really like about chezmoi is how it can retrieve secrets stored on Bitwarden. Your git history is clean of secrets, but you can have them referenced in your dotfiles.
I use Chezmoi but I have to point out some of its downfalls vs. other dotfile managers, particularly if someone is looking to migrate to it.
1. Go's templating lib is incredibly unergonomic.
2. Identifying file perms and visibility by special naming convention is pretty gross. Also makes it more difficult to migrate to another solution.
3. If you're deleting files, you need to remember to do it through chezmoi remove .... You can't just rm them from your dotfiles directory, because chezmoi does not sync state; it simply applies what's currently in your repo.
4. Handling multiple systems through .chezmoiignore ends up being overly verbose and unintuitive vs. the approach used by other dotfile managers.
Despite these gripes I still use it because deployment via a single binary is convenient, and there's enough control through the generated config file + system info to handle multiple kinds of deployments sort-of-sensibly (see point 4 above).
It's so useful! I used to have some terrible setup going with branches for different OSes in my dotfiles, and chezmoi really simplified the whole thing.