Decryption fails if file is not in the creation_rules

Open b4nst opened this issue 3 years ago • 3 comments

When decrypting a file with sops -d file.yaml, sops fails with "error loading config: no matching creation rules found" even if the file contains the correct sops metadata. If I add this file to one of the creation_rules or remove the .sops.yaml file, it works as intended.

I was expecting sops not to complain in the decryption phase, since everything that it needs is present in the metadata. Moreover, the key is named creation_rules. It's confusing that you need a creation rule to decrypt an existing file.

b4nst, May 11 '21 14:05

I was trying to do sops -d /nix/store/... while in ~/src/NIX/own/ and couldn't understand why I was getting this error. I later found out I had a stray ~/src/NIX/.sops.yaml. Deleting that fixed the problem.

I suppose the sticking point is:

  1. Without --config, sops searches upward from $PWD for a config file.
  2. When a config is found, and it doesn't refer to the target file, it probably makes sense to bail, although I agree with OP.

I will say that, in my case, it would have been helpful if sops --verbose told me the location of the config file it found.

Goorzhel, Feb 04 '24 10:02
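
The upward search described in the comment above can be reproduced to see which config file a given working directory would pick up. This is an added example, not part of the thread and not sops code; the function names are hypothetical, and it assumes only what the thread states: the file is named .sops.yaml and the search starts at $PWD and walks toward the root.

```shell
#!/bin/sh
# Added example (not sops code): emulate the upward search for .sops.yaml
# so a stray config in a parent directory can be spotted before decrypting.

# Print the first .sops.yaml found walking upward from $1 (default: $PWD).
# Returns 0 if found, 1 if none exists up to /, 2 if the start dir is invalid.
find_sops_config() {
    _dir=$(cd "${1:-.}" 2>/dev/null && pwd -P) || return 2
    while :; do
        # ${_dir%/} avoids printing "//.sops.yaml" when _dir is "/"
        if [ -f "${_dir%/}/.sops.yaml" ]; then
            printf '%s\n' "${_dir%/}/.sops.yaml"
            return 0
        fi
        [ "$_dir" = "/" ] && return 1
        _dir=$(dirname "$_dir")
    done
}

# Report which config a bare `sops -d` started in $PWD would pick up.
# Note the search is anchored at $PWD, not at the directory of the target file.
sops_config_report() {
    if _cfg=$(find_sops_config "$PWD"); then
        printf 'config in effect: %s (use --config to choose another)\n' "$_cfg"
    else
        printf 'no .sops.yaml found above %s\n' "$PWD"
    fi
}
```

Running `sops_config_report` from the directory where decryption fails shows whether a config in a parent directory is the one being loaded.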

SOPS shouldn't use the config file on decryption. It currently tries to load it since the code is somewhat of a mess. I'd like to fix this, but I don't want to create yet another conflicting PR to #1391, so I'll wait until that one actually receives some feedback.

felixfontein, Feb 04 '24 11:02

Since #1391 is now merged, I created a PR to fix this: #1434.

felixfontein, Feb 09 '24 20:02