sops
Is sops open to adding support to more kms services?
For my use case, I developed an integration with Fortanix DSM for sops and tested it; it is a fully functional integration. Can I expect to get it merged into the main branch if I raise a PR and it gets reviewed, all before the end of this month?
We may accept it eventually if sufficient interest is shown, but we are reserved about this, as it is another dependency and integration to maintain and uphold. That means there has to be sufficient community interest, which takes time to gather (you are the first!).
Given this, the timeline you are expecting is not going to work in any case.
I think at some point it would be good if we could have some kind of 'plugin architecture' which allows supporting new KMS services without modifying sops itself. We're quite far from that point yet, though...
Expecting the plug-in mechanism to be introduced ASAP: I wrote a PoC to support a new KMS, and I had to change so many files.
I noticed that this function has so many arguments:
func internalGroupFrom(kmsKeys []kmskey, pgpKeys []pgpkey, gcpKmsKeys []gcpkmskey, azkvKeys []azkvkey, vaultKeys []vaultkey, ageKeys []agekey) (sops.KeyGroup, error) {
Consider an independent-process plugin mechanism, like age-plugin: https://github.com/C2SP/C2SP/blob/main/age-plugin.md
When I added support for a new KMS, I changed the following files:
modified: cmd/sops/main.go
modified: config/config.go
modified: decrypt/decrypt.go
modified: go.mod
modified: go.sum
modified: keyservice/keyservice.go
modified: keyservice/keyservice.pb.go
modified: keyservice/keyservice.proto
modified: keyservice/server.go
modified: sops.go
modified: stores/stores.go
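To make the out-of-process idea from the comments above concrete, here is an added Go sketch of an age-plugin-style KMS plugin: the host talks to a separate binary over stdin/stdout, so adding a KMS means shipping a new binary rather than touching the file list above. This is example code written for this page, not sops's own code and not part of the thread. The wire format (one JSON line per request and per response), the `Request`/`Response` fields, the `sops-plugin-<name>` binary naming and the XOR "backend" are all assumptions of this example; the real age-plugin protocol uses a different, stanza-based format.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"os/exec"
)

// Wire format (assumed): one JSON object per line each way; []byte fields travel as base64.
type (
	Request struct {
		Op    string `json:"op"`   // "encrypt" wraps a data key, "decrypt" unwraps one
		KeyID string `json:"key"`  // opaque to the host; only the plugin interprets it
		Data  []byte `json:"data"` // data key (encrypt) or wrapped key (decrypt)
	}
	Response struct {
		Data []byte `json:"data,omitempty"`
		Err  string `json:"error,omitempty"`
	}
)

// ServePlugin is the plugin side: a new KMS ships this loop plus a backend; the host never links the vendor SDK.
func ServePlugin(r io.Reader, w io.Writer, backend func(Request) ([]byte, error)) error {
	sc := bufio.NewScanner(r)
	enc := json.NewEncoder(w) // Encode terminates every response with '\n'
	for sc.Scan() {
		req, resp := Request{}, Response{}
		err := json.Unmarshal(sc.Bytes(), &req)
		if err == nil {
			resp.Data, err = backend(req)
		}
		if err != nil { // malformed line or backend failure: report it, never leak partial data
			resp.Data, resp.Err = nil, err.Error()
		}
		if err := enc.Encode(resp); err != nil {
			return err
		}
	}
	return sc.Err()
}

// Transport delivers one request line to a plugin and returns its response line.
type Transport func(request []byte) ([]byte, error)

// ExecTransport runs "sops-plugin-<name>" (naming is an assumption of this example) once per operation.
func ExecTransport(name string) Transport {
	return func(request []byte) ([]byte, error) {
		var stdout bytes.Buffer
		cmd := exec.Command("sops-plugin-" + name)
		cmd.Stdin, cmd.Stdout = bytes.NewReader(request), &stdout
		if err := cmd.Run(); err != nil {
			return nil, err
		}
		return stdout.Bytes(), nil
	}
}

// InProcessTransport loops back into ServePlugin over buffers: same host code, no child process.
func InProcessTransport(backend func(Request) ([]byte, error)) Transport {
	return func(request []byte) ([]byte, error) {
		var stdout bytes.Buffer
		err := ServePlugin(bytes.NewReader(request), &stdout, backend)
		return stdout.Bytes(), err
	}
}

// Call is the host side of one exchange: encode, send, decode, surface plugin errors.
func Call(t Transport, op, keyID string, data []byte) ([]byte, error) {
	line, _ := json.Marshal(Request{Op: op, KeyID: keyID, Data: data}) // fixed struct, cannot fail
	out, err := t(append(line, '\n'))
	if err != nil {
		return nil, err
	}
	var resp Response
	if err := json.Unmarshal(out, &resp); err != nil {
		return nil, fmt.Errorf("plugin: bad response %q: %w", out, err)
	}
	if resp.Err != "" {
		return nil, fmt.Errorf("plugin: %s", resp.Err)
	}
	return resp.Data, nil
}

// toyBackend stands in for the vendor KMS call. XOR with a constant is NOT encryption;
// it only marks where the real wrap/unwrap API would be invoked.
func toyBackend(req Request) ([]byte, error) {
	if req.KeyID != "demo-key" {
		return nil, fmt.Errorf("unknown key %q", req.KeyID)
	}
	out := make([]byte, len(req.Data))
	for i, b := range req.Data {
		out[i] = b ^ 0x5a
	}
	return out, nil
}

func main() { // swap in ExecTransport("fortanix") to go out of process
	t := InProcessTransport(toyBackend)
	wrapped, err := Call(t, "encrypt", "demo-key", []byte("constructed data key")) // sample input
	unwrapped, err2 := Call(t, "decrypt", "demo-key", wrapped)
	fmt.Printf("wrapped=%x unwrapped=%q errs=%v %v\n", wrapped, unwrapped, err, err2)
}
```

The host side (`Call`, `Transport`) knows nothing about any particular KMS: a key group would store only the plugin name and an opaque key ID, and a new provider is a separate binary that runs `ServePlugin` with its own backend, which is the property the file list above lacks. Two caveats a real design would have to settle: the host must resolve the plugin binary from a trusted location rather than an attacker-controllable `PATH`, and per-call process spawning is simple but adds latency for key groups with many plugin keys.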