Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make check whether file contains invalid keys for encryption dependent on output store #1393

Merged
merged 1 commit into from
Dec 29, 2023
Merged

Make check whether file contains invalid keys for encryption dependent on output store #1393

merged 1 commit into from
Dec 29, 2023

Conversation

felixfontein
Copy link
Contributor

Depending on the output store, the keys used for storing SOPS metadata vary. For YAML, JSON, and INI files, the sops top-level key is used. For DotEnv files, keys starting with sops_ are used.

Fixes #1384.

@felixfontein felixfontein mentioned this pull request Dec 28, 2023
Closed
@felixfontein felixfontein requested a review from a team December 28, 2023 16:09
devstein
devstein approved these changes Dec 29, 2023
View reviewed changes
Copy link
Contributor

@devstein devstein left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

stores/stores.go
// HasSopsTopLevelKey returns true if the given branch has a top-level key called "sops".
func HasSopsTopLevelKey(branch sops.TreeBranch) bool {
for _, b := range branch {
if b.Key == "sops" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not worth it for this PR, but thoughts on adding a constant for "sops"?

https://github.com/search?q=repo:getsops/sops+sops%22+language:Go&type=code

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, that would be a very good idea!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#1398

@felixfontein felixfontein merged commit 3ada89e into getsops:main Dec 29, 2023
9 checks passed
@felixfontein felixfontein deleted the encrypted-check branch December 29, 2023 21:45
@felixfontein
Copy link
Contributor Author

@devstein thanks for reviewing this!

@felixfontein felixfontein mentioned this pull request Dec 29, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@devstein devstein devstein approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Encrypt dotenv file inplace more than once should be failsafe.
2 participants
@felixfontein @devstein