To learn more about Secret OPerationS: https://github.com/getsops/sops
With global-sops-mode enabled, sops-mode turns itself on automatically
when you visit a SOPS-encrypted file. Once sops-mode is enabled, use
sops-edit-file to decrypt the file. After making changes, save with
sops-save-file or discard them with sops-cancel. SOPS-encrypted files are
shown in read-only-mode to prevent the user from accidentally corrupting
an encrypted file. This is useful for partly encrypted files, where only
a single line might be encrypted.
elpaca + use-package
```emacs-lisp
(defun sops-setup-env ()
  "Set environment variable for SOPS."
  ;; Capture the AWS account ID from the first KMS key ARN in the buffer.
  (when (string-match "arn:aws:kms.*:\\([[:digit:]]+\\):" (buffer-string))
    (pcase (match-string-no-properties 1 (buffer-string))
      ("111111111111" (setenv "AWS_PROFILE" "dev"))
      ("222222222222" (setenv "AWS_PROFILE" "stage"))
      ("333333333333" (setenv "AWS_PROFILE" "prod"))
      ;; Any other account ID: report it and leave AWS_PROFILE unchanged.
      (x (message "No matching AWS Profile for %s" x)))))

(use-package sops
  :ensure (:type git :host github :repo "djgoku/sops")
  :bind (("C-c C-c" . sops-save-file)
         ("C-c C-k" . sops-cancel)
         ("C-c C-d" . sops-edit-file))
  :init
  (setq sops-before-encrypt-decrypt-hook 'sops-setup-env)
  (global-sops-mode 1))
```
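A stricter variant of the sops-setup-env hook above, added here as an example and not part of the sops package. It matches only the 12-digit account field of a KMS ARN and unsets AWS_PROFILE when the file names an account that is not in the mapping, so a profile selected for an earlier file is not reused. The my/ names are hypothetical, the account IDs and profiles are the sample values from the snippet above, and it assumes, as the original function does, that the hook runs with the SOPS file's buffer current.

```emacs-lisp
;; Added example: hypothetical my/ names, sample account IDs from the README.
(defvar my/sops-aws-account-profiles
  '(("111111111111" . "dev")
    ("222222222222" . "stage")
    ("333333333333" . "prod"))
  "Alist mapping AWS account IDs to AWS CLI profile names.")

(defun my/sops-kms-account-id ()
  "Return the account ID of the first AWS KMS ARN in the buffer, or nil."
  (save-excursion
    (save-match-data
      (goto-char (point-min))
      ;; arn:<partition>:kms:<region>:<12-digit account>:...
      (when (re-search-forward
             "arn:aws[a-z-]*:kms:[a-z0-9-]+:\\([0-9]\\{12\\}\\):" nil t)
        (match-string-no-properties 1)))))

(defun my/sops-setup-env ()
  "Select AWS_PROFILE from the KMS ARN in the current buffer.
A buffer without a KMS ARN leaves the environment untouched.  An ARN
for an account that is not in `my/sops-aws-account-profiles' unsets
AWS_PROFILE instead of keeping the previously selected profile."
  (let ((account (my/sops-kms-account-id)))
    (when account
      (let ((profile (cdr (assoc account my/sops-aws-account-profiles))))
        ;; A nil value makes `setenv' remove the variable.
        (setenv "AWS_PROFILE" profile)
        (unless profile
          (message "No matching AWS profile for %s; AWS_PROFILE unset"
                   account))))))

(defun my/sops-demo (text)
  "Run the hook on TEXT and return the AWS_PROFILE it selects.
`process-environment' is let-bound to a copy, so the real Emacs
environment is not modified."
  (let ((process-environment (copy-sequence process-environment)))
    (with-temp-buffer
      (insert text)
      (my/sops-setup-env)
      (getenv "AWS_PROFILE"))))

;; Constructed sample input, for trying the hook from M-: or *scratch*:
;; (my/sops-demo "arn: arn:aws:kms:us-east-1:222222222222:key/EXAMPLE-KEY-ID")

(setq sops-before-encrypt-decrypt-hook #'my/sops-setup-env)
```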
| Variable | Description |
|---|---|
| sops-executable | Path to SOPS executable. Defaults to sops |
| sops-decrypt-args | SOPS decrypt arguments. Defaults to `("-d") |
| sops-extra-encrypt-args | SOPS additional encrypt arguments. Defaults to `() |
| sops-before-encrypt-decrypt-hook | Run function before encrypting or decrypting. Defaults to nil |
- Add a variable to auto-decrypt when we enter an encrypted file when
  global-sops-mode is enabled.
- Create new SOPS encrypted files via sops-mode.
- If we fail to encrypt (sops < 3.9), we need to revert changes to
  original-file to encrypted state and switch back to decrypted buffer.
  - We should also show the error buffer.