
Q: How to prevent unencrypted files from being committed

Open kilianc opened this issue 5 years ago • 6 comments

I prefer sops over git-crypt but I like the filter pattern. Is there a good way to prevent a file that matches a filter from being committed unless it is encrypted?

kilianc avatar Nov 14 '19 18:11 kilianc

#545 would help with this I guess?

autrilla avatar Nov 14 '19 18:11 autrilla

Yeah, filestatus in combo with a filter/hook could work!

kilianc avatar Nov 14 '19 19:11 kilianc

Has anyone been able to find a git-crypt equivalent method using SOPS? I also like that git-crypt has the ability to un-encrypt after you've unlocked the secrets for the first time that are stored in the repo, seems fairly tedious with SOPS to do individual secret files each time.

xunholy avatar Dec 28 '20 23:12 xunholy

@xUnholy there was work related to this to avoid double encrypting files and potentially make automation and UX better. https://github.com/mozilla/sops/pull/545

> seems fairly tedious with SOPS to do individual secret files each time

I wrote a simple bash wrapper to handle my specific use case. The convention is that encrypted files end with .enc. This way I can set up filters and rules to avoid committing unencrypted files or encrypting them twice.

kilianc avatar Jan 04 '21 19:01 kilianc
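
One way to enforce the `.enc` convention described above with a pre-commit hook, as an added example that is not part of the thread and not code from the sops project. The glob list, the function names, the `--demo` flag and the sample blobs are assumptions made for illustration; the encryption test is a heuristic that looks for SOPS metadata and does not attempt decryption.

```python
#!/usr/bin/env python3
import fnmatch
import json
import re
import subprocess
import sys

# Assumption: the ".enc" naming convention decides which paths must be encrypted.
SECRET_GLOBS = ("*.enc", "*.enc.*")
# SOPS metadata holds an encrypted MAC: YAML 'mac: ENC[', dotenv 'sops_mac=ENC['.
MAC_RE = re.compile(rb'(?:^|[\s"_])mac"?\s*[:=]\s*"?ENC\[AES256_GCM,', re.M)
SAMPLES = {  # constructed, abbreviated blobs (no real secrets) for --demo
    "db.enc.yaml": b"pw: ENC[AES256_GCM,data:eA==,type:str]\n"
                   b"sops:\n    mac: ENC[AES256_GCM,data:eA==,type:str]\n",
    "api.enc.json": b'{"token": "plaintext-sample"}',
    "README.md": b"not a secret\n",
}

def is_secret_path(path):
    return any(fnmatch.fnmatch(path, glob) for glob in SECRET_GLOBS)

def looks_sops_encrypted(blob):
    try:
        doc = json.loads(blob)
    except ValueError:                      # not JSON: fall back to the MAC pattern
        return bool(MAC_RE.search(blob))
    sops = doc.get("sops") if isinstance(doc, dict) else None
    return isinstance(sops, dict) and str(sops.get("mac", "")).startswith("ENC[")

def staged_blob(path):
    # Read the index (":path"), not the working tree: the index is what gets committed.
    return subprocess.check_output(["git", "show", ":" + path])

def unencrypted(paths, read=staged_blob):
    return [p for p in paths if is_secret_path(p) and not looks_sops_encrypted(read(p))]

def main(argv):
    if argv == ["--demo"]:                  # offline run over the constructed samples
        bad = unencrypted(SAMPLES, SAMPLES.__getitem__)
    else:
        cmd = ["git", "diff", "--cached", "--name-only", "-z", "--diff-filter=ACMR"]
        out = subprocess.check_output(cmd)
        bad = unencrypted([p.decode() for p in out.split(b"\0") if p])
    for path in bad:
        print("refusing to commit unencrypted file: " + path, file=sys.stderr)
    return 1 if bad else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Saved as an executable `.git/hooks/pre-commit`, it aborts the commit when a staged file matching the globs lacks SOPS metadata. Because it inspects the staged blob, a file that was encrypted on disk after `git add` is still caught.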

Maybe this helps: https://github.com/yuvipanda/pre-commit-hook-ensure-sops

aDingil avatar May 12 '23 05:05 aDingil

Looking for the same thing, especially to use sops with .dotfiles and secrets.

davinkevin avatar Jan 21 '24 18:01 davinkevin