sops
sops copied to clipboard
getsops
Simple and flexible tool for managing secrets
We use sops in Azure Pipelines using a Service Principal to decrypt some ciphertext prior to deploying infrastructure using Terraform. For about a week now, sops is unable to decrypt...
This command will silently ignore the `--output` flag and its passed value. ``` sops -d encrypted_secret.json --output decrypted_secret.json ``` I think it would make sense to let this error instead,...
Adds a new setting into Vault's destination rule called `vault_path_omit_filename` which is false by default so there is no breaking change. And if it's set to true it will omit...
Closes #460 Add `filestatus` command, reporting if the file is in encrypted or unencrypted state. I reused `ensureNoMetadata` logic, thus the command would return `0` when the file is not...
Currently to support path_regexes that should work on windows and other systems you need to manually handle the different separators with `(/|\\)` like this. ``` - path_regex: staging(/|\\).*\.secret\.(yaml|json)$ gcp_kms: projects/.../sops-key-staging...
Did 3.7.2 introduce some breaking changes/functionality? Looks like when we upgrade to 3.7.2, we're unable to decrypt kms secrets on mac amd64. Downgrading to 3.7.1 works fine. Users are stumbling...
Hey there, I am currently trying out sops with the freshly released version 1.0.0 of age. Creating passphrase-protected age key files seems rather easy: https://github.com/FiloSottile/age#passphrase-protected-key-files However, when I try to...
In [this](https://github.com/mozilla/sops/pull/966#discussion_r830289256) comment It was suggested to split the original PR #966 into two. This change will re-encrypt all example files with age as well in the hopes to drive...
Although sops is designed for Lunix/WSL/bash it would be nice to support Windows\PowerShell My current workaround is to duplicate the paths. (I don't really want to do a hectic regex)...
From the current [readme](https://github.com/mozilla/sops#encrypting-using-hashicorp-vault), we specify the vault address when encrypting the yaml file. However, that brings a issue when the vault addresses are different when encrypting and decrypting. A...
