sops-nix
marshal nested secrets value to string
This pull request marshals nested secret values according to the format of the secret file.
It seems the serialized YAML value has a trailing newline; I should trim the output string.
So the idea is that we can have YAML and JSON encrypted without having to put them in strings? Would be nice to extend the test case to those as well: https://github.com/Mic92/sops-nix/blob/master/pkgs/sops-install-secrets/nixos-test.nix
The script to update secrets is here: https://github.com/Mic92/sops-nix/blob/master/pkgs/sops-install-secrets/test-assets/sops-edit
The basic idea is to support any value in a nested secret. However, I found some edge cases for this pull request:
- It supports the value of the secret being a number, but it shows as a string in the template rendering; I might add some type of information into the placeholder.
- If the secret is a string formed by numbers, like "113", the rendered template would be like: ""123"".
I would add some tests to nixos-test.nix, and some unit tests for recurseSecretKey.
Maybe it should only render arrays and hashmaps?
Perhaps we should marshal nested secrets only in JSON format because it is indent-insensitive. The YAML nested secrets are difficult to fit in the template due to indentation issues.
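An added example, not part of this pull request or of sops-nix's code: one way to render a nested secret along the lines discussed above, passing strings through unchanged so that a value such as "113" is not quoted a second time, and marshalling everything else as compact JSON. The names `renderSecretValue` and `renderPath` and the sample document are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample standing in for a decrypted secrets file.
const sample = `{"db":{"host":"db.internal","port":5432,"pin":"113","replicas":["a","b"]}}`

// renderSecretValue returns the text to substitute for a template placeholder
// (hypothetical helper, not the project's function).
func renderSecretValue(v interface{}) (string, error) {
	if s, ok := v.(string); ok {
		return s, nil // pass through: marshalling would add a second pair of quotes
	}
	b, err := json.Marshal(v) // maps, arrays, numbers, booleans; no trailing newline
	return string(b), err
}

// renderPath decodes the constructed sample, walks the "/"-separated key path
// and renders the value found there.
func renderPath(path string) (string, error) {
	var cur interface{}
	if err := json.Unmarshal([]byte(sample), &cur); err != nil {
		return "", err
	}
	for _, key := range strings.Split(path, "/") {
		m, ok := cur.(map[string]interface{})
		if !ok {
			return "", fmt.Errorf("%s: %q is not inside a map", path, key)
		}
		if cur, ok = m[key]; !ok {
			return "", fmt.Errorf("%s: key %q not found", path, key)
		}
	}
	return renderSecretValue(cur)
}

func main() {
	fmt.Println(renderPath("db/pin"))
	fmt.Println(renderPath("db/replicas"))
}
```

Because `json.Marshal` emits a single line with sorted keys, the rendered value does not depend on the indentation of the template around the placeholder.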