sops set with --unencrypted-suffix and co #1789
Replies: 3 comments 2 replies
-
|
This is helpful as it means lower security clearance personnel can provision things say with our rootca certificate as trusted for example |
Beta Was this translation helpful? Give feedback.
-
|
Should Generally |
Beta Was this translation helpful? Give feedback.
-
|
Important detail i missed - correct i am trying to use the set subcommand. Id rather use that then risk mangling the file with yq since it has comments and things which im not sure will be supported |
Beta Was this translation helpful? Give feedback.
-
|
sops set recognizes the default '_unencrypted' suffix. if it recognized flags of --unencrypted-suffix then it would be more consistent with this in light. My use case is stashing related data into sops (cert+key) - with the one tool sops |
Beta Was this translation helpful? Give feedback.
-
|
Based on Felix's comment above my understanding is that;
|
Beta Was this translation helpful? Give feedback.
-
Thankyou for SOPS. I have searched for related issues and discussions.
sops set <keypath>[<key>_unencrypted] <value>Works to set a value in a sops file unencrypted
But the following inserts a key with an encrypted value
sops set --unencrypted-suffix cert <keypath>[server.cert] <val>Is this expected? Should i open an issue for it? My usecase is storing certificates and private keys in the one spot (logical, therefore findable) and then only encrypting the material that needs to be secret
Beta Was this translation helpful? Give feedback.
All reactions