Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Key path mentioned in README seems incorrect #914

Open
yujunz opened this issue Aug 2, 2021 · 4 comments
Open

Key path mentioned in README seems incorrect #914

yujunz opened this issue Aug 2, 2021 · 4 comments

Comments

@yujunz
Copy link

yujunz commented Aug 2, 2021

The path mentioned in README

On macOS, this would be $HOME/Library/Application Support/sops/keys.txt

seems incorrect

    - | failed to open file: open /Users/yujunz/Library/Application
      | Support/sops/age/keys.txt: no such file or directory
gavriguy added a commit to gavriguy/sops that referenced this issue Nov 4, 2021
@gavriguy
Correct the folder of age keys on macOS
43eaec6 
Relates to getsops#914
@gavriguy gavriguy mentioned this issue Nov 4, 2021
Closed
@renedupont
Copy link

Same issue for Linux path:

$ helm secrets edit secrets.yaml
secrets.yaml
Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  age1crs5whzptf3some1random2numbersxanajp0spv60gz: FAILED
    - | failed to open file: open
      | /home/<my_profile>/.config/sops/age/keys.txt: no such file or
      | directory

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.
Error: plugin "secrets" exited with error

@renedupont renedupont mentioned this issue Nov 27, 2021
Merged
@LandazuriPaul
Copy link

LandazuriPaul commented Dec 24, 2021
edited

I just stumbled upon this error as well. Indeed, it seems like the default key folder for age keys, is 1 level deeper: (...)/sops/age/.

As a temporary workaround, I'm using SOPS_AGE_KEY_FILE environment variable:

SOPS_AGE_KEY_FILE="$HOME/Library/Application Support/sops/age/key.txt" sops -d secrets.enc.yaml > secrets.yaml

Also, I got this error only when decrypting encrypted files, never when encrypting files.

EDIT: It seems like it's not just an issue of having the file in the correct folder, because even after moving the key to the correct one, SOPS can't find it. Maybe the space in Application Support is an issue? 🤔

@LandazuriPaul LandazuriPaul mentioned this issue Dec 29, 2021
Closed
@hjoukl
Copy link

hjoukl commented Mar 1, 2022

Can confirm on Linux:

0 $ ls ~/.config/sops/age/keys.txt  
/home/holger/.config/sops/age/keys.txt@
0 $ sops -d secrets.enc.yaml
Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  age1dxrvkqwh7sc6efvcu4zc3v5l**********REDACTED*********: FAILED
    - | error at line 1: malformed secret key: separator '1' at
      | invalid position: pos=20, len=21

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.
128 $ SOPS_AGE_KEY_FILE=/home/holger/.config/sops/age/keys.txt sops -d secrets.enc.yaml
secrets:
    API_PASS: mypassword
    API_XAPPID: myappid
0 $ sops --version
sops 3.7.1

Even though the code looks like it should use the path ~/.config/sops/age/keys.txt: https://github.com/mozilla/sops/blob/adfe49c1ead94808a2f06b6cf65758434238e00f/age/keysource.go#L108

Setting SOPS_AGE_KEY_FILE explicitly works.

@blinkeye blinkeye mentioned this issue Mar 27, 2023
Open
@tomaszduda23
Copy link

Linux key location is updated by #1399

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@hjoukl @LandazuriPaul @yujunz @tomaszduda23 @renedupont