can encrypt with a configured or specific key? #73
Comments
|
Hi @mrgleeco, |
|
Can you not use the packages used in this file? https://github.com/mozilla/sops/blob/master/cmd/sops/encrypt.go |
|
Sadly, they are not exposed (Go functions/types are not exposed to outside code unless they have a leading capital letter in their name). |
|
Isn’t |
|
https://github.com/mozilla/sops/blob/66043e71a81787d6513bc2e5505a29aac67dc6f1/sops.go The top level module has Tree and Encrypt in it. |
|
I know they don't guarantee it's API, but it hasn't changed in 2 years. I think we could get a lot of value out of it if it doesn't change all that often. |
|
Unfortunately, those are not all that easy to use for us either. Even though they are exposed, there's a non-trivial amount of supporting code which isn't, both in pre-processing and post-processing stages. Technically we could of course copy that code over patch something together, but it'd grow the amount of code we need to understand and maintain drastically. |
|
@carlpett Hey, seems like this might be on its way now? getsops/sops#1174 |
|
Let's see where it goes! I'm not convinced that patch will be accepted, given that it doesn't really encapsulate it as a library, but exposes all of the guts including Stores, KeyGroups, etc. But if it does, we'll take a look at it. |
|
I was searching for how to use the custom key. I found you can use SOPS configuration variables as |
hello - this is a general question about this provider. Unclear how / if this can be done:
i'd like to use terraform to provision a new key and a new ring. Then i'd like to sops-encrypt a local file with that key.
Ideally then i can use the sops provider output for other recipes.
i guess i'm asking if i can specify key and then like it would be something like
Or maybe: could be done? Is there a clear path for a contribution? :-)
The text was updated successfully, but these errors were encountered: