Can't use docker compose and sops together #1470

Open
AdoPi opened this issue Mar 24, 2024 · 3 comments

@AdoPi

AdoPi commented Mar 24, 2024

I can't use docker compose and sops together, and I don't know why.

sops exec-file file.env "docker compose --env-file {} up -d"

hangs forever, but this works:

sops exec-file file.env "cat {}"

I've tried to use Podman instead of Docker and it worked, but I need to use Docker, not Podman.

Does anyone know what is going on?

@felixfontein
Contributor

This is very strange indeed, it was baffling me as well (I even figured out which exact line of Docker Compose it's hanging in: https://github.com/docker/compose/blob/3371227794f5f3645f4f19829c60a741635ed329/cmd/compose/compose.go#L605), when I finally realized what's happening:

Instead of writing the secrets on disk, sops exec-file uses a FIFO (unless you specify --no-fifo), also known as named pipe. The downside is that you can only read that file once. Apparently Compose tries to read it multiple times, which results in Compose hanging when trying to read it again.

If you simply add --no-fifo, it works fine: sops exec-file --no-fifo file.env "docker compose --env-file {} up -d"
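
The read-once behaviour described in the comment above, reproduced without sops or Docker as an added example (not code from this thread or from either project). The function names and the sample env content are constructed, and GNU coreutils `timeout` is assumed so the second read of the pipe reports `blocked` instead of hanging.

```shell
#!/bin/sh
# Added illustration with constructed sample data; function names are hypothetical.

# Open and read "$1" twice, as a tool that re-reads its env file would.
# A reader opening a FIFO blocks until a writer opens it, so a second open
# with no writer left would wait forever; timeout(1) bounds that wait here.
read_twice() (
    first=$(timeout 5 cat "$1" | grep -c '=')
    if second=$(timeout 1 cat "$1"); then
        second=$(printf '%s\n' "$second" | grep -c '=')
    else
        second=blocked
    fi
    echo "first=$first second=$second"
)

# Named pipe: the writer delivers the data once and exits.
demo_fifo() (
    dir=$(mktemp -d) || exit 1
    mkfifo -m 600 "$dir/env"
    printf 'DB_USER=app\nDB_PASS=constructed-example\n' > "$dir/env" &
    read_twice "$dir/env"
    rm -rf "$dir"
)

# Regular file: can be reopened, but the plaintext sits on disk until removed.
demo_file() (
    dir=$(mktemp -d) || exit 1
    umask 077
    printf 'DB_USER=app\nDB_PASS=constructed-example\n' > "$dir/env"
    read_twice "$dir/env"
    rm -rf "$dir"
)

echo "fifo: $(demo_fifo)"   # fifo: first=2 second=blocked
echo "file: $(demo_file)"   # file: first=2 second=2
```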

@felixfontein
Contributor

I created a bug in the Compose repo: docker/compose#11656. It would be nice if a named pipe could be used instead of having to write the decrypted file on disk.

@AdoPi
Author

AdoPi commented Mar 24, 2024

Thanks a lot for your detailed answer!
