SOPS with Terraform Cloud dynamic provider credentials

[take-five]

In Terraform Cloud it is possible configure dynamic AWS credentials using OIDC-providers: https://developer.hashicorp.com/terraform/enterprise/workspaces/dynamic-provider-credentials/aws-configuration

For workspaces with multiple AWS provider configurations, TFC would inject variable tfc_aws_dynamic_credentials:

variable "tfc_aws_dynamic_credentials" {
  description = "Object containing AWS dynamic credentials configuration"
  type = object({
    default = object({
      shared_config_file = string
    })
    aliases = map(object({
      shared_config_file = string
    }))
  })
}

To use it in AWS provider you have to use configuration option shared_config_files:

provider "aws" {
  shared_config_files = [var.tfc_aws_dynamic_credentials.default.shared_config_file]
}

provider "aws" {
  alias = "ALIAS1"
  shared_config_files = [var.tfc_aws_dynamic_credentials.aliases["ALIAS1"].shared_config_file]
}

However, sops provider doesn't have an option of configuring AWS (or any other provider, like GCP or Azure) with shared_config_files option, and so it fails to authenticate and assume the correct role with identity token.

Would it be possible to either bake in some configuration options into provider "sops" {} block, or maybe allow setting environment variables for the provider, like this:

provider "sops" {
  environment = {
     AWS_CONFIG_FILE = var.tfc_aws_dynamic_credentials.aliases["ALIAS1"].shared_config_file
  }
}