sops icon indicating copy to clipboard operation
sops copied to clipboard
verified publisher icon getsops

"error loading config: no matching creation rules found" when decrypting from stdin

Open adrian-gierakowski opened this issue 4 years ago • 3 comments

running following command in a directory containing .sops.yaml:

cat $PATH_OF_SOME_ENCRYPTED_FILE | sops --input-type json -d /dev/stdin

results in following error:

error loading config: no matching creation rules found

This is clearly a bug since creation rules should not be required for decryption.

NOTE: a workaround has been suggested here, however adding a catch-all rule without a key leads to a change of behaviour during encryption: when running sops some_new_file_not_matching_any_proper_rule instead of instant error loading config: no matching creation rules found, the editor opens and the error only happens when closing/saving the file ([CMD] ERRO[0004] No master keys were provided, so sops can't encrypt the file. Press a key to return to the editor, or Ctrl+C to exit. )

this, together with https://github.com/mozilla/sops/issues/594 could be tackled at the same time in order to improve user experience when working with stdin

adrian-gierakowski avatar Jun 04 '21 10:06 adrian-gierakowski

looks like the same error happens when trying to decrypt any file which path does not match any creation rules in a .sops.yaml file

another workaround I just found is to pass an empty file using the --config options:

sops --config <(echo '') -d $PATH_TO_ENCRYPTED_FILE

adrian-gierakowski avatar Jun 04 '21 11:06 adrian-gierakowski

FWIW I was having this issue and actually the solution under https://github.com/mozilla/sops/issues/884#issuecomment-854621489 did work for me but more importantly I found I had a .sops.yaml in my home directory which was causing the error. Once I moved the .sops.yaml and its (bugged) content, sops -d worked fine.

bennythejudge avatar Jan 25 '22 08:01 bennythejudge

would a PR be welcome?

adrian-gierakowski avatar Jun 23 '22 20:06 adrian-gierakowski

looks like the same error happens when trying to decrypt any file which path does not match any creation rules in a .sops.yaml file

another workaround I just found is to pass an empty file using the --config options:

sops --config <(echo '') -d $PATH_TO_ENCRYPTED_FILE

Just wanted to confirm this also worked for me. The difference is that I didn't have a .sops.yaml file on my home directory, as @bennythejudge specified, so not sure of what is going on. The --verbose flag doesn't tell anything.

WolfangAukang avatar Dec 22 '22 03:12 WolfangAukang

Thanks @adrian-gierakowski, I ended up with the following config entry and all works well:

[diff "sopsdiffer"]
    textconv = "sops --config /dev/null -d"

archite avatar Jan 22 '23 03:01 archite