sops icon indicating copy to clipboard operation
sops copied to clipboard

Published 20 hours ago verified publisher icon getsops

SOPS remove ansible YAML declaration like "!unsafe"

Open Roxyrob opened this issue 3 years ago • 6 comments

SOPS is a great tool, but sometimes is a little bit invasive on YAML formatting. Ansible use YAML declaration like !unsafe to instruct parser to behave in special mode for variables evaluation/templating. SOPS remove such declaration. There are params to customize how deep SOPS can normalize/modify original YAML file ? Often happen to create variables containing such special case and secrets parts together.

Sample code:

ldap_cfg:
    path1:
        ...
        group_filter: !unsafe (&(objectClass=group)(member:1.2.840.113556.1.4.1941:={{.UserDN}}))
        ...

!unsafe will be removed.

Roxyrob avatar Feb 12 '22 02:02 Roxyrob

SOPS converts files into its internal representation and then re-creates them from that internal representation. The internal representation does not support YAML tags, so they do not survive round-trips.

felixfontein avatar Feb 12 '22 07:02 felixfontein

YAML tags are not a language standard ?

Roxyrob avatar Feb 12 '22 08:02 Roxyrob

They are a YAML language standard. But sops does not support them, because it's internal data structures do not support them.

felixfontein avatar Feb 12 '22 08:02 felixfontein

I've got it. Thanks

Roxyrob avatar Feb 12 '22 10:02 Roxyrob

(It's definitely possible to add support for this. But it does require some work, as the internal data structures have to be adjusted for this.)

felixfontein avatar Feb 12 '22 11:02 felixfontein

can i please add a thumbs up for this feature? happy to help with it - it would be awesome to have tags available

jay-bhambhani avatar Jun 08 '22 18:06 jay-bhambhani