Magnus Hyllander
I'm not sure what the general view is on this. It's true the remote chart would need to be unpacked locally before any contained secrets files can be decrypted. However,...
I see. Well, like you said the chart must be downloaded and unpacked locally (where SOPS and the PGP keys are available) so that the secrets files can be decrypted...
Yes, but the more common use case is to install a remote chart and use a local secrets file, like I described above, so you can't assume that `-f`/`--values` always...
https://github.com/mozilla/sops/#29using-sopsyaml-conf-to-select-kmspgp-for-new-files According to the documentation, sops will search recursively upwards in the directory hierarchy until it finds a .sops.yaml file. It could be that sops is searching upwards from the...
I tested the different scenarios. It looks like sops is searching upwards from the directory of the secrets file (as it should, anything else would have given unpredictable behavior). .sop.yaml...
I believe this is a regression caused by https://github.com/futuresimple/helm-secrets/pull/117. The original encrypt_helper would cd to the directory before running sops (https://github.com/futuresimple/helm-secrets/pull/117/files#diff-60baae393acfb88c61e9d2e0d7eea239L249), now it doesn't.
When I did my testing above I got a bit confused regarding the default sops behavior. Sops actually does search for the config file to use starting from the current...
This is not really related to helm secrets. "helm secrets dec secrets.yaml" is basically the same thing as "sops -d secrets.yaml". The issue is rather to make sure that the...
Sops uses the "gpg" command by default. You can tell it to use e.g. "gpg2" with an environment variable: https://github.com/mozilla/sops/#specify-a-different-gpg-executable