sops icon indicating copy to clipboard operation
sops copied to clipboard
verified publisher icon getsops

[Question] Encrypt using the same data key

Open shtlrs opened this issue 1 month ago • 1 comments

I am building a custom python wrapper over sops (called via subprocess), and i currently am following this approach

  1. Decrypt the file to stdout
  2. Convert that yaml content into a python dict
  3. Operate on the dict in memory
  4. Encrypt it and dump it back to the same file path

This works great and all but, it will always re-encrypt the entire file (and uses a different data key), which makes sense.

The reason why I'm doing it like this is because it's easier to operate on a dict rather than having to do type conversions, dump as json string, etc.

I am wondering, is there a reasonable way I could do this where sops would use the same data key to encrypt the context again before saving it to the final file path ?

Thank you

shtlrs avatar Dec 05 '25 10:12 shtlrs

Right now there isn't a way (except by abusing sops edit with a custom SOPS_EDITOR command that basically writes the wanted content into the filename it is passed), but you aren't the first to ask for one: https://github.com/getsops/sops/issues/696

felixfontein avatar Dec 05 '25 20:12 felixfontein