Skip to content

Make check whether file contains invalid keys for encryption dependent on output store #1393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
felixfontein merged 1 commit into from
Dec 29, 2023
Merged

Make check whether file contains invalid keys for encryption dependent on output store #1393

felixfontein merged 1 commit into from
Dec 29, 2023

Conversation

@felixfontein
Copy link
Contributor

@felixfontein felixfontein commented Dec 28, 2023

Depending on the output store, the keys used for storing SOPS metadata vary. For YAML, JSON, and INI files, the sops top-level key is used. For DotEnv files, keys starting with sops_ are used.

Fixes #1384.

@felixfontein felixfontein mentioned this pull request Dec 28, 2023
Closed
@felixfontein felixfontein requested a review from a team December 28, 2023 16:09
devstein
devstein approved these changes Dec 29, 2023
View reviewed changes
Copy link
Contributor

@devstein devstein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

stores/stores.go
// HasSopsTopLevelKey returns true if the given branch has a top-level key called "sops".
func HasSopsTopLevelKey(branch sops.TreeBranch) bool {
for _, b := range branch {
if b.Key == "sops" {
Copy link
Contributor

@devstein devstein Dec 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not worth it for this PR, but thoughts on adding a constant for "sops"?

https://github.com/search?q=repo:getsops/sops+sops%22+language:Go&type=code

Copy link
Contributor Author

@felixfontein felixfontein Dec 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that would be a very good idea!

Copy link
Contributor Author

@felixfontein felixfontein Dec 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#1398

@felixfontein
Make check whether file contains invalid keys for encryption dependen…
1bda828 
…t on output store.

Signed-off-by: Felix Fontein <felix@fontein.de>
@felixfontein felixfontein merged commit 3ada89e into getsops:main Dec 29, 2023
@felixfontein felixfontein deleted the encrypted-check branch December 29, 2023 21:45
@felixfontein
Copy link
Contributor Author

felixfontein commented Dec 29, 2023

@devstein thanks for reviewing this!

@felixfontein felixfontein mentioned this pull request Dec 29, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devstein devstein devstein approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Encrypt dotenv file inplace more than once should be failsafe.

2 participants

@felixfontein @devstein