Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Decryption fails if file is not in the creation_rules #868

Open
b4nst opened this issue May 11, 2021 · 3 comments · May be fixed by #1434
Open

Decryption fails if file is not in the creation_rules #868

b4nst opened this issue May 11, 2021 · 3 comments · May be fixed by #1434

Comments

@b4nst
Copy link

b4nst commented May 11, 2021

When decrypting a file with sops -d file.yaml sops fails with error loading config: no matching creation rules found even if the file contains the correct sops metadata. If I add this file to one creation_rules or remove the .sops.yaml file this is working as intended.

I was expecting sops not to complain on decryption phase since everything that it needs is present in the metadata. Moreover the key is named creation_rules. It's confusing that you need a creation rule to decrypt an existing file.
@LandazuriPaul LandazuriPaul mentioned this issue Dec 24, 2021
Open
@Goorzhel
Copy link

Goorzhel commented Feb 4, 2024
edited

I was trying to do sops -d /nix/store/... while in ~/src/NIX/own/ and couldn't understand why I was getting this error. I later found out I had a stray ~/src/NIX/.sops.yaml. Deleting that fixed the problem.

I suppose the sticking point is:

  1. Without --config, sops searches upward from $PWD for a config file.
  2. When a config is found, and it doesn't refer to the target file, it probably makes sense to bail, although I agree with OP.

I will say that, in my case, it would have been helpful if sops --verbose told me the location of the config file it found.

@felixfontein
Copy link
Contributor

SOPS shouldn't use the config file on decryption. It currently tries to load it since the code is somewhat a mess. I'd like to fix this, but I don't want to create yet another conflicting PR to #1391, so I'll wait until that one actually receives some feedback.

@felixfontein felixfontein linked a pull request Feb 9, 2024 that will close this issue
Open
@felixfontein
Copy link
Contributor

Since #1391 is now merged, I created a PR to fix this: #1434.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Decryption: do not fail if no matching creation_rule is present in config file felixfontein/sops
3 participants
@Goorzhel @felixfontein @b4nst