daputzy / intellij-sops-plugin Goto Github PK

View Code? Open in Web Editor NEW

11.0 11.0 3.0 162 KB

Simple Sops Edit

Home Page: https://plugins.jetbrains.com/plugin/21317-simple-sops-edit

License: MIT License

Java 100.00%

intellij-sops-plugin's People

Contributors

Stargazers

Watchers

Forkers

ybasket probstdjakob pierre-borckmans

intellij-sops-plugin's Issues

All encrypted values are re-generated upon edit, resulting in noisy diffs

Hello, first of all thank you for creating this useful tool!

I've noticed that whenever a file is modified, all encrypted values are re-generated. This is an issue as it makes it very difficult to read diffs - in larger files it looks like a lot of values have changed when potentially only one has.

Here's an example:

Create .sops.yaml with the following contents:

creation_rules:  
      # ...
      encrypted_regex: (secret)

Create my-sops-file.yaml containing the following, then commit

secret_1: I am a secret  
secret_2: I am another secret

Edit the file with Simple SOPS Edit:

secret_1: I am a modified secret  
secret_2: I am another secret

Running git diff shows both values have changed:

$ git diff

--- a/my-sops-file.yaml
+++ b/my-sops-file.yaml

-secret_1: ENC[AES256_GCM,data:IYTZHhoAPR1j(...)
-secret_2: ENC[AES256_GCM,data:DMavDgjPhCT9(...)
+secret_1: ENC[AES256_GCM,data:rvvSNsNN8r4a(...)
+secret_2: ENC[AES256_GCM,data:bDEzI/57Jh5u(...)

(...)

If I do the same with sops directly, I only see secret_1's value updated as I would expect. I don't think SOPS is intended to be used in a non-interactive way (sops -d -> edit -> sops -e), which causes the problem here.

Feature Request: Support for environmental variables

I'm learning SOPS with Age and while your extension is great, I have a hard time setting the SOPS_AGE_KEY_FILE env var to point SOPS to a different Age key file. It would be nice if this was configurable in the extension. Since SOPS_AGE_KEY_FILE is specific to Age, general support for env vars would be awesome!

Note: Currently I have to set the env var on the command line when I start Idea (and others) using their script. Starting it from the JetBrains Toolbox does not work (unless the env var is set in ~/.bashrc). I'm using Linux with Kde.

Age support

It would be nice if there was support for SOPS using Age :)

https://github.com/getsops/sops#encrypting-using-age

Edit: I'm using SOPS_AGE_KEY_FILE and SOPS_AGE_RECIPIENTS.

Decoding Issues in Windows Version 2.0.0

Hi there!

After updating to 2.0 from 1.6 we have problems because the edit function adds a binary NUL to between all characters in the editors view.
On a Mac everything works flawless, could the v2.0 please be reviewed?

Thanks

Can a function key be assigned to the "Edit" link?

This is a very helpful little plugin, thanks for that.

I was wondering if it would be possible to assign a short cut key to the "Edit" link in the notification bar? It's easier to press a few keys than hitting a small link in the upper right of the IDE (at least for me).

It would be nice if a file detected to be SOPS editable was made read-only.

We are doing a lot of secrets work right now and we have more than once forgotten to press Edit before changing the file which sops doesn't like.

Can the plugin mark the file as read/only so the only way to change it is to press Edit?

Partial encryption not supported

When using --encrypted-suffix or --encrypted-regex for the initial encryption, the settings are not used after editing a file.

Example file:

replicaCount: 1
image:
    repository: mergermarket/404
    pullPolicy: Always
    tag: latest
secrets:
    PASSWORD: ENC[AES256_GCM,data:0h0+5UiKjNqIHqGR7Xno2R3l9bIxLPtxAaQiJwlUIYzXum9Wf+WD+W8LyU2nQbKLDjFOvprVt+H0Gh01heiE5tawkojAnWWqRyQLgizyttsX/ToeP4ETFTTs5zo7zDjVb0J3YRIhAGIgvc0hUqbX7tHVi+TaQfQZPqjPAp2TtJ3HL4UPo3AKIUFzI/QflsDEvmYJc7CrOV4X66jNWwHSCaJg3fNvOYXV4e5g1ZCgsIMu4jjcDhQaSEPxAHsMyc7RvDF5o/ASQU7jdlAkLQdZV1023M3OLlBkLjC9c7SM5xVyXJRA6X3QRiPBcbuexYEPOgL2A2/7TEvTwF56dA0heCntvkYC6to0z34z4iF+BjOBIiXJJy2Xaz88h05dKBb66SfN3PtNV1PQcq3mNW7ewWOvw0I4Ndm9xtGpOYjEvW4qEeXqTTUF7TudNBWMN95f68teaCKJ6N95bwOfI6NmpLMGKIbPIWdOB6LqPqN/ILfxyLQQa2zwFh8eT3aLITdybGZXRZjk1DOt+fh2DuenqV5Yd/k8tC8FZRIEi/HwDlI/xuBYNsgKboPVVcKoGRqegYz8SZnZaGtyShbSevU9EleznnHKt0oiMBXMBAq0DjdK/Nyf/uUhaY/SJBVcvNJ4JIJ7hKAotDsOJulWJMFiO2Y/zKTxb16PeIaiEAAvEtXq2zUO+HMrjDib7Tvb7EfPXKEffHF5PhtZnBokKLUJ1OERrEc7ht1aKPRMVfebXwt0a/8gDH76V1qMoKdEzK69gt4iBD95CL9VXYpgWZ6M9GE3Oq1wXxFQiU6QihE+Xfzqr6cA+KCWmP73nvZILeXoMfYu2l0z20VEyhHToy0Ez+CDqOCXybWZW/k3heJykMnkxG/zzUmjhtTZ1pPt9diHz8Zf4uQkiDEXf/3KclBso151lBg0N60Tsg3icDPUlNfrASNl9wByZGjr7u+8CYdRcotalL8cVkqd3UnfIuLFjO/CY6IMJYIhJKJGpHqnbqYSt4kAyfwTQMFS8L6VgkHkn/zyckPVn9zWzkj9bTNUX+pC1MLQwda3yJGRj+/1dz0ywKrB2T+3Q/3+MUFkozg37xgW8yNt/k0CH72eyXw35TyN9YsfRaed73wEQO+W9HHhZCtHELkv3R4Q4rxJPYoRpDiGPpG/D4Bk/QcAYXZGZyn0RvjRcrQjQFC0JAOVGurWX3nmOxeYc8TtwbzUgu5G+xxjCqv1xm2zgh6aH4T4pi2Fbc8o1DxOcdCNTZW4l4uma9ig6Rt5EJ3BIVgjfnZFNHozt6jl+vU4HlRm7cymfh9YLmgeu6G81qZ/IftZrtePeVhoc3dwKOWt2nGb+M46Mc81VvmhYzh4rtVf5IuhmYz8qN6iYXRiOq/2yBnYECUMaaqCmru6TbMDpHQDNf5mYLOwc1+OW3C3I1E5Z3t0lCaI7XjscLptv3pDMqva3f7Stf6uuFxAJNSRS6YRJw2u/TlTfvfVRHjF2PEjFE2hGQMhVritau8DrkCAUq08u//7qQ4HWzW0eeNJ6d7JY+C+4t5/VrLdwwKb7zdcwaBE834pD/S1TKzWaN3qB73pfZan8czS0Nh9Il/lLgeRCcCT,iv:adWp0vpcTbasPy05KwtrsYbLSm4HAFUZ2Tb2ChfG4h0=,tag:yxOtSVBS8kiVviTUN/Butg==,type:str]
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1r2ruadc42qz2ar82ytsfxudd7c06aq5qk75dhxsy0l56jkr79pzs2wpna3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdDNIbVNQWHhiaEVKU1J0
            bkhkMmcwNE9GMWlQejBvRTNMZDhwQlJtRnlZCjQ0QUM0NUtVZE43alVyU0x0aEpa
            alZkZGJRcU1pSW9tVi8vcENsb0l1Q0UKLS0tIHRicG82dTE3ZS9LSFY3SXdkZlNr
            dktSWkFncXRXekd1UzBYcHV5SjE5dDAKd7tbNmPCVGc+ou4m3CI3d5lzfi66RUar
            nIKvXrascvuJOMpXWGn1k/eyP4zCQSC9l9Y9HUsYytu0bqhFTX7ZzQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zrmmyxzmuu97fdax3yf2ntu7e8maj7mg4nm3ay43q23d0mh7pfjsgdj029
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSlpFRldDc1owUm0zczhz
            QU9ZOFpPWFJsR2FpTjQ1YWo5b2RnOXBtblg0CjFiSm1oeTJqYXRNRXl4ZmdvdjEy
            Y3Zkb0srM0F6QXZqQ2twL2hUbTg4MU0KLS0tIFBHWlNBclVmWlo5U1o3NnQ4THp5
            QnArSWR4UWZ1MWdsSTFxUFpvRTk5VUEK7wMovbnklm99Uv8olqSGNi7UGREj02So
            UyBPJN7VNITreo3Fh5cLtoYpUq3kjdVn5dTMtZ82VCyBy1L8XJ9tAA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-12-20T09:22:02Z"
    mac: ENC[AES256_GCM,data:qm7E4EoizKZuBUQo8Ibva5fayb97wK2/4FnZJyaxbqAeemMSZiLheE46YrkzwcGcijexiTJH7kA0rSfde/JcgtojM7XuFOFk0oURfEIkkvcIe4hRub6IH2ZMWnh/MJ4UgQNB1igLOPYMWQ2jon1pW1AmKkjJdwXP7rNrD4lN0iE=,iv:wv/duAHduB84HSl1gnClQobgK292hVbL96LIt/T1ZGw=,tag:NQMA/RiZRrEe7m1RPG6msg==,type:str]
    pgp: []
    encrypted_suffix: secrets
    version: 3.7.3

When I edit any value this is changed to:

replicaCount: ENC[AES256_GCM,data:Lw==,iv:xyL1/SQNcdu0d3OPXSjw0IBOTsd8QSUB12Yya8BwSPU=,tag:WOQIKKUb589ZYKer2bq96A==,type:int]
image:
    repository: ENC[AES256_GCM,data:R17b0NK2HIOOgiVx6ol04w==,iv:xSHMocGyoS/t93mc4iQA1e6KOSNIQfedj7gLYuPmIZY=,tag:ACcaVd+NZQXuJ0AuSim7JQ==,type:str]
    pullPolicy: ENC[AES256_GCM,data:C7NYn7hK,iv:TzRG/d7EeXLqLNE8x8w04u6rjX+Damjrt949fkjKoyM=,tag:rq5EysOW8FZQsY8wFDJXxA==,type:str]
    tag: ENC[AES256_GCM,data:505KlX1B,iv:AjTAsKnRce2LeBfrlo4Mn0Tmk3L0NSD7scUFvwWtQKU=,tag:Rd9N56uC0fzZYDe8IDC0Vg==,type:str]
secrets:
    JWT_PRIVATE_KEY: ENC[AES256_GCM,data:y0SzfsC3hXc/eoCRbsd9dNFw5FoD/HaERfJka1c2KwoRRwMWyxnFHaP5azjDdGYzWEGHH8flK40Efhjbe+PMkxSt9qYxSKstsT5iOFClKcIpjHLhHY39FLy5pnHWFp/S3bzMgtjceVq/in8FdgfuSWhaitdGIqJx0RCa1A2w2LJ1gWhVcRgk0ofOhZFgonGowzbJXbWs2doyA/4MelKqLMEW/C1AfXpEIdF7Eh4cTvSpBRpmN+7mVmSTY7+wqP38TQ/5OQcqPeT/1mTNG5uvvsfOscHuQNTOJOs7KcyaFj8GwPcVBCPsfUz0LzhVJJQzVW953mUAcxxWoAhrsUANgiIpJc0IVq//VgDsEf1vdVAZCjhKWEPc5RKopBt8DsWP1Cm8JZIxN6MCBX4ujA+U64FWQ9mzy7dAluUxHD22hqeToSrMrl8vyDcbB8Qs89bx3yxOasPlSOujo3krViOjqPaFS02a4eZ3tD5NX8Y+wdAoatHAC772R5Ead09tK6hy+7KyFhKxnTxWybgNWFg2RSlzTdMAK1yBTxSGN17qMiY5HBZw5wbR8QMNJiYA/YQduhahuLtSQhrJvAVehAAKHc4jSkXobnj2q7Cbqj3Dciki74/sl60V7pgtWVEP276FRRYsVsu49uu2ggXU2mgWq2c5Sgo2XC9CGmmyPds+gmRr35NxU251sItoC/t3tkgzSxOBTQgsg1Y+29b3ZM0n/R/+eM2qkZHhTFCiv0y6+B84XUX6wdw50eJHzIazAubzH19+fVNHhuexbAlEwzcUkls32r7OWuLmb6k/XnjBhkXxHq9bDtlE2jdcd/cJiSRHgUkwXB8SQzuMToEOjsYTqBJrI/AHhkUFkkojIlJ0wZYMTwulZiKMDwxa/HAQenjvxowzqMPqwOiowabK4WCmUsVNF/r3stFBadLG/0977IGf+apSkXh9DUMtsGkSj4REo5jBeLd5rkyK3OGwV+OLBPQtf8jrpHskdvnaJzMiElxmyUCyMwqLgl+vmhYrv0zESA0kJJVI3lnF6u1chiw22CMo2m2hsl3oMgLXQBtSgTVEMHyjg9+splsFMsfvaPTWnzR5/Zm7TFEjv633H8VV+ndrzNGjh4lZnjGnPwQ91uQd8Qim3zD4c2u7gKc+4Xkoq1nlcZDKhcps3vwXqjXscqPcs1XwucFX4TueMtwj1irVkSdbt3RkwczpDS8/No8niDMh6Vc+jb0MLTm0Xj6PJKf/NJyaH9ewUdov++59HOet9ZiJ4bzR7H5D5tUThhD35SLfaLtEpSQCMWEvm7u4miAN3NkTye41C/o22B2CmElpR+dg21ZEyJJE1+NdLJc+xCGjYtDK2MBwt3HUQUV3o6e4EOvRjKcC48MGDAljJhJTaU7/yP8Xfi8AUJfrJAPd0Lj5A0IH6GA3Rp8eB6Vi4eWqY/HWXkfYJCUP8PnR8x1dcH9VFwlpnCxnOKK5HoAJ1rTNA7UoJQaqmd7icLMGLc9lvaBL/7v3l8DZdSvKyhOHo/7Q5OkmIHg26U5aqq4ruUA4gTGRtQ/wdRpK+2MHRiHX6H2tEwKRpyh7ikLYoJzVTFzN3fMDpY8kpn0rG7dK,iv:0mbac9e2rRrQ8fxrXiZcFcSjokSNJuiqBv6E/VsIo3g=,tag:Ycdbe4lX4n5iiYC0GkCnAA==,type:str]
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1r2ruadc42qz2ar82ytsfxudd7c06aq5qk75dhxsy0l56jkr79pzs2wpna3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZ0VvaDJOSkdaM2ZRMUdJ
            dDJJbE03UUk0cndsaURybDRxbzdDR2tnaUZzCndkUzhnZzhmMXVONEt1WVpqNXlt
            Nkt3TXM1OTJkR0w5NzAva1VKR3I0YjQKLS0tIEZQQ3phZGUzOXdBcm1EWkEvSmtF
            KzZVOUFsaElFSmxUQk1UT1ROSUNDbmcKYEDXobiDzyFzC6dz4lBhIC3jSU64kueC
            n5jdElEn6IGkBFHqtI4DetFX0vXPBhvqaLhZ8KdsAlMf/KXx79ea3g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zrmmyxzmuu97fdax3yf2ntu7e8maj7mg4nm3ay43q23d0mh7pfjsgdj029
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVejVkQm1UYjVROFNzZ29W
            a21VNHpBZm1jajhvb2FNcENWeVBSbDd0N3hvCmwvU0VsejhzMjJDZ21uc3JFMkxF
            Q0NLdTQ0L01IeVJYOE9hZWFJNDZCejAKLS0tIFB6ZU9Ma3pqVlc3bmlrejMrK2hJ
            dUdzcWMrNkJtZUhuYmJEaTRqNVFsNEUKRhBYUp1s0kAnulomGE/L0DHdnA0cTuUo
            hRvUzSosZ3/CMISTjqF6AcTMvvlw004RszfatfZ3KURcG/lwHd44pQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-12-20T09:29:37Z"
    mac: ENC[AES256_GCM,data:6Zwah/K5ovNBnmyJopVFwR2hH+exj4n2iOk2JMATJ8zMADSGFrB1Jrt+bq9XMLWLWhOemx5NbTgMZu25hSIWhgYXhm0pgXDaVazXrUhLrH3IEaXjJdhPamUN2cMfyD9Empm3jMMayqqLSI1ZrJt9dI0gBIfT5XgYu7lm4Q5P2Bc=,iv:cY7Hzlsn60EABsRf6i4yINIEBxRRdKz2my3U1Xv1YZA=,tag:gE50tlvg+EVB1b6k8LW87g==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3

Expected is that only secrets are encrypted, but not the line above.

Using:

Simple Sops Edit: v1.5.0
PhpStorm 2023.3.1 Build PS-233.11799.297
sops v3.7.3

Build: Add compatibility with PhpStorm 2024.1 EAP

Currently on 1.5.0, PhpStorm EAP 2024.1 refuses to load the plugin: "requires IDE build 233.* or earlier"

PhpStorm 2024.1 EAP
Build #PS-241.12662.49, built on February 14, 2024

Feature Request: Allow customisation of SOPS path

Problem
As sops fails to handle AWS profiles correctly and we're using KMS keys from different AWS accounts, some sops files can't be opened because of the incorrect profile being selected. There's an upstream sops issue that hasn't been fixed in years.

Request
If the SOPS plugin would allow to customise the path to the sops executable, one could write a little wrapper script that invokes sops with the given arguments and picks the right AWS_PROFILE based on file name or alike.

Sops does not recognise encrypted secrets.yaml

Hey i have the same issue as https://plugins.jetbrains.com/plugin/21317-simple-sops-edit/reviews#review=83441 mentioned.
I already created a new Project with .sops.yaml on top level and a test/secrets.yaml file.
Thanks

sops-plugin do not work

java.lang.RuntimeException: Could not execute sops command
at com.github.daputzy.intellijsopsplugin.sops.ExecutionUtil.run(ExecutionUtil.java:122)
at com.github.daputzy.intellijsopsplugin.sops.ExecutionUtil.decrypt(ExecutionUtil.java:46)
at com.github.daputzy.intellijsopsplugin.handler.EditActionHandler.handle(EditActionHandler.java:23)
at com.intellij.ui.EditorNotificationPanel$6.handlePanelActionClick(EditorNotificationPanel.java:442)
at com.intellij.ui.EditorNotificationPanel$ActionHyperlinkLabel$1.hyperlinkActivated(EditorNotificationPanel.java:487)
at com.intellij.ui.HyperlinkAdapter.hyperlinkUpdate(HyperlinkAdapter.java:14)
at com.intellij.ui.HyperlinkLabel.fireHyperlinkEvent(HyperlinkLabel.java:242)
at com.intellij.ui.HyperlinkLabel.processMouseEvent(HyperlinkLabel.java:164)
at java.desktop/java.awt.Component.processEvent(Component.java:6422)
at java.desktop/java.awt.Container.processEvent(Container.java:2266)
at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5027)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4855)
at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4954)
at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4581)
at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4522)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2808)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4855)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:794)
at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:739)
at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:733)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:766)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:764)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:763)
at com.intellij.ide.IdeEventQueue.defaultDispatchEvent(IdeEventQueue.kt:690)
at com.intellij.ide.IdeEventQueue.dispatchMouseEvent(IdeEventQueue.kt:638)
at com.intellij.ide.IdeEventQueue._dispatchEvent(IdeEventQueue.kt:592)
at com.intellij.ide.IdeEventQueue.access$_dispatchEvent(IdeEventQueue.kt:67)
at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1$1.compute(IdeEventQueue.kt:369)
at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1$1.compute(IdeEventQueue.kt:368)
at com.intellij.openapi.progress.impl.CoreProgressManager.computePrioritized(CoreProgressManager.java:787)
at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1.invoke(IdeEventQueue.kt:368)
at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1.invoke(IdeEventQueue.kt:363)
at com.intellij.ide.IdeEventQueueKt.performActivity$lambda$1(IdeEventQueue.kt:997)
at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:113)
at com.intellij.ide.IdeEventQueueKt.performActivity(IdeEventQueue.kt:997)
at com.intellij.ide.IdeEventQueue.dispatchEvent$lambda$7(IdeEventQueue.kt:363)
at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:861)
at com.intellij.ide.IdeEventQueue.dispatchEvent(IdeEventQueue.kt:405)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:207)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:92)
Caused by: com.intellij.execution.process.ProcessNotCreatedException: Cannot run program "sops" (in directory "/home/work/Develop/fleet-infra-k3s/services/overlays/codeinside-k3s/runix-pgadmin4"): error=2, Нет такого файла или каталога
at com.intellij.execution.configurations.GeneralCommandLine.createProcess(GeneralCommandLine.java:356)
at com.intellij.execution.process.OSProcessHandler.startProcess(OSProcessHandler.java:84)
at com.intellij.execution.process.OSProcessHandler.(OSProcessHandler.java:44)
at com.github.daputzy.intellijsopsplugin.sops.ExecutionUtil.run(ExecutionUtil.java:120)
... 50 more
Caused by: java.io.IOException: Cannot run program "sops" (in directory "/home/work/Develop/fleet-infra-k3s/services/overlays/codeinside-k3s/runix-pgadmin4"): error=2, Нет такого файла или каталога
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1143)
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1073)
at com.intellij.execution.configurations.GeneralCommandLine.startProcess(GeneralCommandLine.java:432)
at com.intellij.execution.configurations.GeneralCommandLine.createProcess(GeneralCommandLine.java:346)
... 53 more
Caused by: java.io.IOException: error=2, Нет такого файла или каталога
at java.base/java.lang.ProcessImpl.forkAndExec(Native Method)
at java.base/java.lang.ProcessImpl.(ProcessImpl.java:314)
at java.base/java.lang.ProcessImpl.start(ProcessImpl.java:244)
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1110)
... 56 more

Sops error

Versions

IntelliJ IDEA 2023.3.6 (Ultimate Edition)
Build #IU-233.15026.9, built on March 21, 2024
Licensed to Onepoint developpement Canada / Gabriel Oshiro
Subscription is active until May 23, 2024.
Runtime version: 17.0.10+1-b1087.23 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Windows 11.0
GC: G1 Young Generation, G1 Old Generation
Memory: 4096M
Cores: 20
Registry:
debugger.new.tool.window.layout=true
ide.experimental.ui=true
Non-Bundled Plugins:
com.github.daputzy.intellij-sops-plugin (2.0.0)
org.intellij.plugins.hcl (233.13135.65)
com.petriuk.sops-intellij-plugin (1.2.0-alpha)
com.jetbrains.space (233.15026.16)
monokai-pro (1.10)
dev.aid.delombok (1.18.4.5)
dev.meanmail.plugin.nginx-intellij-plugin (2022.1.1)
com.ivanovych666.intellij.plugin.jsonsorter (1.0.0-beta.3.4)
google-java-format (1.22.0.0)
com.jetbrains.jax.ws (233.13135.65)
com.intellij.spring.shell (233.11799.196)
com.intellij.plugin.adernov.powershell (2.6.1)
com.intellij.javaee.ejb (233.11799.196)
com.intellij.ml.llm (233.15026.24)
dev.turingcomplete.intellijdevelopertoolsplugins (4.2.0)
com.jetbrains.packagesearch.intellij-plugin (233.11800.8)
com.haulmont.jpab (2023.4.1-233)
MavenRunHelper (4.28.0-IJ2022.2)
Pythonid (233.15026.9)
com.github.copilot (1.5.3.5510)
ru.adelf.idea.dotenv (2024.1)
org.sonarlint.idea (10.5.0.78339)
zielu.gittoolbox (500.2.7+233)
dev.nx.console (1.23.1)
Kotlin: 233.15026.9-IJ

sops --version
sops 3.7.3

Simple Sops Edit version 2.0.0

Steps to repro

Create secrets.json encrypted
Click on View (on the bar proposed by the plugin)
Verify that the file is decoded, that means that the plugin and sops work properly
Now click on Edit and add something to the file
Ctrl + S to save the file and close it
Actual: A pop up message will display an error
Expected: the file secrets.json should be edited and encrypted

Error message

Sops error
Out-File : The process cannot access the file 'C:\Users\g.oshiro\AppData\Local\Temp\1942865019\secrets.json' because it is being used by another process. At C:\Users\g.oshiro\AppData\Local\Temp\simple-sops-edit17945077680687193703\10630914340165521956.ps1:5 char:12 + $content | Out-File "$file" + ~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (:) [Out-File], IOException + FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand File has not changed, exiting.

Attempt to load text for binary file

com.intellij.diagnostic.PluginException: Attempt to load text for binary file which doesn't have a decompiler plugged in: /Diff for Pull Request. File type: DIFF [Plugin: com.github.daputzy.intellij-sops-plugin]
	at com.intellij.ui.EditorNotificationsImpl$updateEditors$job$1.invokeSuspend(EditorNotificationsImpl.kt:251)
	at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
	at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108)
	at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:584)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:793)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:697)
	at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:684)
Caused by: java.lang.IllegalArgumentException: Attempt to load text for binary file which doesn't have a decompiler plugged in: /Diff for Pull Request. File type: DIFF
	at com.intellij.openapi.fileEditor.impl.LoadTextUtil.loadText(LoadTextUtil.java:489)
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.lambda$getContent$1(FileUtil.java:35)
	at com.intellij.openapi.application.impl.ApplicationImpl.runReadAction(ApplicationImpl.java:909)
	at com.intellij.openapi.application.ReadAction.compute(ReadAction.java:65)
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.getContent(FileUtil.java:35)
	at com.github.daputzy.intellijsopsplugin.sops.DetectionUtil.sopsFileDetected(DetectionUtil.java:35)
	at com.github.daputzy.intellijsopsplugin.SopsNotificationProvider.collectNotificationData(SopsNotificationProvider.java:30)
	at com.intellij.ui.EditorNotificationsImpl$updateEditors$job$1$result$1.invoke(EditorNotificationsImpl.kt:229)
	at com.intellij.ui.EditorNotificationsImpl$updateEditors$job$1$result$1.invoke(EditorNotificationsImpl.kt:226)
	at com.intellij.openapi.application.rw.InternalReadAction.insideReadAction(InternalReadAction.kt:108)
	at com.intellij.openapi.application.rw.InternalReadAction.access$insideReadAction(InternalReadAction.kt:16)
	at com.intellij.openapi.application.rw.InternalReadAction$tryReadCancellable$2.invoke(InternalReadAction.kt:95)
	at com.intellij.openapi.application.rw.InternalReadAction$tryReadCancellable$2.invoke(InternalReadAction.kt:94)
	at com.intellij.openapi.application.rw.CancellableReadActionKt$cancellableReadActionInternal$1.invoke$lambda$1$lambda$0(cancellableReadAction.kt:38)
	at com.intellij.openapi.application.impl.ApplicationImpl.tryRunReadAction(ApplicationImpl.java:1075)
	at com.intellij.openapi.application.rw.CancellableReadActionKt$cancellableReadActionInternal$1.invoke$lambda$1(cancellableReadAction.kt:36)
	at com.intellij.openapi.progress.util.ProgressIndicatorUtilService.runActionAndCancelBeforeWrite(ProgressIndicatorUtilService.java:73)
	at com.intellij.openapi.progress.util.ProgressIndicatorUtils.runActionAndCancelBeforeWrite(ProgressIndicatorUtils.java:128)
	at com.intellij.openapi.application.rw.CancellableReadActionKt$cancellableReadActionInternal$1.invoke(cancellableReadAction.kt:34)
	at com.intellij.openapi.progress.CoroutinesKt.blockingContextInner(coroutines.kt:321)
	at com.intellij.openapi.progress.CoroutinesKt.blockingContext(coroutines.kt:310)
	at com.intellij.openapi.application.rw.CancellableReadActionKt.cancellableReadActionInternal(cancellableReadAction.kt:31)
	at com.intellij.openapi.application.rw.InternalReadAction.tryReadCancellable(InternalReadAction.kt:94)
	at com.intellij.openapi.application.rw.InternalReadAction.tryReadAction(InternalReadAction.kt:78)
	at com.intellij.openapi.application.rw.InternalReadAction.readLoop(InternalReadAction.kt:65)
	at com.intellij.openapi.application.rw.InternalReadAction.access$readLoop(InternalReadAction.kt:16)
	at com.intellij.openapi.application.rw.InternalReadAction$runReadAction$4.invokeSuspend(InternalReadAction.kt:44)
	at com.intellij.openapi.application.rw.InternalReadAction$runReadAction$4.invoke(InternalReadAction.kt)
	at com.intellij.openapi.application.rw.InternalReadAction$runReadAction$4.invoke(InternalReadAction.kt)
	at kotlinx.coroutines.intrinsics.UndispatchedKt.startUndispatchedOrReturn(Undispatched.kt:78)
	at kotlinx.coroutines.BuildersKt__Builders_commonKt.withContext(Builders.common.kt:167)
	at kotlinx.coroutines.BuildersKt.withContext(Unknown Source)
	at com.intellij.openapi.application.rw.InternalReadAction.runReadAction(InternalReadAction.kt:40)
	at com.intellij.openapi.application.rw.PlatformReadWriteActionSupport.executeReadAction(PlatformReadWriteActionSupport.kt:38)
	at com.intellij.openapi.application.ReadWriteActionSupport.executeReadAction$default(ReadWriteActionSupport.kt:15)
	at com.intellij.openapi.application.CoroutinesKt.constrainedReadAction(coroutines.kt:58)
	at com.intellij.openapi.application.CoroutinesKt.readAction(coroutines.kt:25)
	at com.intellij.ui.EditorNotificationsImpl$updateEditors$job$1.invokeSuspend(EditorNotificationsImpl.kt:226)
	... 6 more

intellij-sops-plugin doesn't respect path_regex and encrypted_regex in config .sops.yaml

I've instructed sops don't encrypt metadata fields in my Kubernetes Secret with the following config .sops.yaml:

creation_rules:
- path_regex: ".*-secret.yaml|.*-secret.patch.yaml"
  encrypted_regex: ^(data|stringData)$
  azure_keyvault: https://xxx
- path_regex: ""
  azure_keyvault: https://xxx

But as a result I get encrypted both metada and data in my Secret datasource-secret.enc.yaml:

apiVersion: ENC[AES256_GCM,data:EUE=,iv:HTIqw0lOoUzwxMR5t7PihyP3wqBw4jkLjOUdX0Qq/Ms=,tag:wUfy5isnV1CYCDek5UEnHA==,type:str]
kind: ENC[AES256_GCM,data:zzYYjAkj,iv:SWmwGdqwAfo/9yBrBLkvPt12zoVhYlBjJoBbyVg9F1E=,tag:X9o9byzQ2vUJh7hnEtuYVw==,type:str]
metadata:
    name: ENC[AES256_GCM,data:YDi1NH/10KjCqdeNxe8b19L3Jw==,iv:F2JTPS1xDJiWt9S1ZA4sK3sQ9GIlaZJ0CMx7uf+kGUs=,tag:VW2WOvQNf9pBE1hSeqq7+A==,type:str]
    labels:
        grafana_datasource: ENC[AES256_GCM,data:hQ==,iv:qfZL9xZehxFtAAPZdyAnXgssq8YJgPTi4K5lj/IqFyM=,tag:FpsgH9j9LZr8zezWrOWScQ==,type:str]
type: ENC[AES256_GCM,data:Ke1N21eD,iv:R72nJnkhhJrfh9pMWhTKaOhhGD8k8HtX4ww2wuwWycU=,tag:EZ5KBhnc1RfG7xa2VEooog==,type:str]
stringData:
    datasource.yaml: ENC[XXX]

Running the original sops binary it works as expected and metadata is not encrypted:

sops -e datasource-secret.yaml > datasource-secret.enc.yaml

apiVersion: v1
kind: Secret
metadata:
    name: grafana-datasources
    labels:
        grafana_datasource: "1"
type: Opaque
stringData:
    datasource.yaml: ENC[XXX]

plugin does not decrypt an AWS KMS encrypted file

I am having some issues to make it work as well, i got a sops encrypted file called aws_credentials (no extension). I am using AWS KMS

The content of aws_credentials looks like this:

{
	"data": "ENC[AES256_GCM,data:DATA_IN_BASE64_HERE,type:str]",
	"sops": {
		"kms": [
			{
				"arn": "arn:aws:kms:eu-central-1:MY_AWS_ACCOUNT_ID:key/MY_KEY_ID",
				"created_at": "2023-10-09T14:18:03Z",
				"enc": "ANOTHER_BASE64_ENC",
				"aws_profile": ""
			}
		],
		"gcp_kms": null,
		"azure_kv": null,
		"hc_vault": null,
		"age": null,
		"lastmodified": "2023-10-09T14:18:26Z",
		"mac": "ENC[AES256_GCM,data:BASE_64_MAC,type:str]",
		"pgp": null,
		"unencrypted_suffix": "_unencrypted",
		"version": "3.7.3"
	}
}

Running sops -d aws_credentials decrypts the file successfully!

$ sops --version                                              
sops 3.7.3

JetBrains Rider 2023.3.3
Build #RD-233.14015.60, built on January 19, 2024
Licensed to me
Subscription is active until October 25, 2024.
Runtime version: 17.0.9+7-b1087.11 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Linux 6.5.0-25-generic
.NET Core v7.0.10 x64 (Server GC)
GC: G1 Young Generation, G1 Old Generation
Memory: 2956M
Cores: 12
Registry:
editor.config.csharp.support=true
Non-Bundled Plugins:
com.github.daputzy.intellij-sops-plugin (1.5.1)
com.intellij.ml.llm (233.14015.147)
Current Desktop: ubuntu:GNOME

Got stacktrace probably correlated with unencrypted editor is not properly replaced with encrypted at save.

I got this internal error in intellij. I have the make-readonly attribute set and the file cannot be written to on disk (not sure if that is related to this but I had to edit manually outside of intellij). This is on Ubuntu 23.10.

java.lang.RuntimeException: Cannot invoke (class=, method=fileClosed, topic=FileEditorManagerListener)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeListener(MessageBusImpl.kt:676)
	at com.intellij.util.messages.impl.MessageBusImplKt.deliverMessage(MessageBusImpl.kt:422)
	at com.intellij.util.messages.impl.MessageBusImplKt.pumpWaiting(MessageBusImpl.kt:401)
	at com.intellij.util.messages.impl.MessageBusImplKt.access$pumpWaiting(MessageBusImpl.kt:1)
	at com.intellij.util.messages.impl.MessagePublisher.invoke(MessageBusImpl.kt:460)
	at jdk.proxy2/jdk.proxy2.$Proxy60.fileClosed(Unknown Source)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$lambda$8$lambda$7(EditorWindow.kt:595)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.notifyPublisher(FileEditorManagerImpl.kt:1221)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$intellij_platform_ide_impl(EditorWindow.kt:592)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$intellij_platform_ide_impl$default(EditorWindow.kt:553)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.closeFile$intellij_platform_ide_impl(FileEditorManagerImpl.kt:699)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.closeFile(FileEditorManagerImpl.kt:720)
	at com.intellij.openapi.fileEditor.impl.tabActions.CloseTab.actionPerformed(CloseTab.kt:101)
	at com.intellij.openapi.actionSystem.ex.ActionUtil.doPerformActionOrShowPopup(ActionUtil.java:339)
	at com.intellij.openapi.keymap.impl.ActionProcessor.performAction(ActionProcessor.java:47)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher$myActionProcessor$1.performAction(IdeKeyEventDispatcher.kt:502)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcherKt.doPerformActionInner$lambda$5$lambda$4(IdeKeyEventDispatcher.kt:865)
	at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:105)
	at com.intellij.openapi.application.TransactionGuardImpl.performUserActivity(TransactionGuardImpl.java:94)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcherKt.doPerformActionInner$lambda$5(IdeKeyEventDispatcher.kt:865)
	at com.intellij.openapi.actionSystem.ex.ActionUtil.performDumbAwareWithCallbacks(ActionUtil.java:362)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcherKt.doPerformActionInner(IdeKeyEventDispatcher.kt:863)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcherKt.access$doPerformActionInner(IdeKeyEventDispatcher.kt:1)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.processAction$intellij_platform_ide_impl(IdeKeyEventDispatcher.kt:587)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.processAction(IdeKeyEventDispatcher.kt:513)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.processActionOrWaitSecondStroke(IdeKeyEventDispatcher.kt:454)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.inInitState(IdeKeyEventDispatcher.kt:447)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.dispatchKeyEvent(IdeKeyEventDispatcher.kt:309)
	at com.intellij.ide.IdeEventQueue.dispatchKeyEvent(IdeEventQueue.kt:622)
	at com.intellij.ide.IdeEventQueue._dispatchEvent(IdeEventQueue.kt:591)
	at com.intellij.ide.IdeEventQueue.access$_dispatchEvent(IdeEventQueue.kt:67)
	at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1$1.compute(IdeEventQueue.kt:369)
	at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1$1.compute(IdeEventQueue.kt:368)
	at com.intellij.openapi.progress.impl.CoreProgressManager.computePrioritized(CoreProgressManager.java:787)
	at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1.invoke(IdeEventQueue.kt:368)
	at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1.invoke(IdeEventQueue.kt:363)
	at com.intellij.ide.IdeEventQueueKt.performActivity$lambda$1(IdeEventQueue.kt:997)
	at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:113)
	at com.intellij.ide.IdeEventQueueKt.performActivity(IdeEventQueue.kt:997)
	at com.intellij.ide.IdeEventQueue.dispatchEvent$lambda$7(IdeEventQueue.kt:363)
	at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:861)
	at com.intellij.ide.IdeEventQueue.dispatchEvent(IdeEventQueue.kt:405)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:207)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:92)
Caused by: java.lang.RuntimeException: Could not write content to file
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.lambda$writeContentBlocking$3(FileUtil.java:49)
	at com.intellij.openapi.application.impl.ApplicationImpl.invokeAndWait(ApplicationImpl.java:458)
	at com.intellij.openapi.application.impl.ApplicationImpl.invokeAndWait(ApplicationImpl.java:490)
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.writeContentBlocking(FileUtil.java:45)
	at com.github.daputzy.intellijsopsplugin.handler.EditActionHandler$1.fileClosed(EditActionHandler.java:46)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeMethod(MessageBusImpl.kt:699)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeListener(MessageBusImpl.kt:659)
	... 47 more
Caused by: java.nio.file.AccessDeniedException: /home/REDACTED-secrets.enc.yaml
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
	at java.base/java.nio.file.spi.FileSystemProvider.newOutputStream(FileSystemProvider.java:484)
	at java.base/java.nio.file.Files.newOutputStream(Files.java:228)
	at com.intellij.openapi.vfs.impl.local.LocalFileSystemBase.getOutputStream(LocalFileSystemBase.java:523)
	at com.intellij.openapi.vfs.newvfs.persistent.PersistentFSImpl$3.close(PersistentFSImpl.java:859)
	at com.intellij.openapi.vfs.newvfs.impl.VirtualFileImpl.setBinaryContent(VirtualFileImpl.java:157)
	at com.intellij.openapi.vfs.VirtualFile.setBinaryContent(VirtualFile.java:561)
	at com.intellij.openapi.vfs.VirtualFile.setBinaryContent(VirtualFile.java:557)
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.lambda$writeContentBlocking$2(FileUtil.java:43)
	at com.intellij.openapi.application.WriteAction.lambda$runAndWait$2(WriteAction.java:116)
	at com.intellij.openapi.application.impl.ApplicationImpl.runWriteActionWithClass(ApplicationImpl.java:980)
	at com.intellij.openapi.application.impl.ApplicationImpl.runWriteAction(ApplicationImpl.java:1006)
	at com.intellij.openapi.application.WriteAction.computeAndWait(WriteAction.java:135)
	at com.intellij.openapi.application.WriteAction.computeAndWait(WriteAction.java:129)
	at com.intellij.openapi.application.WriteAction.runAndWait(WriteAction.java:115)
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.lambda$writeContentBlocking$3(FileUtil.java:47)
	... 53 more

Error when storing changes to encrypted file using AWS SSO and AWS profiles

Hey there!

Thank you for this neat tool. I'm facing an issue with our current AWS SSO setup and saving an encrypted file back with Simple SOPS. It then says:

Could not generate data key: [failed to encrypt new data key with master key "arn:aws:kms:xxx:xxx:key/xxx": Failed to call KMS encryption service: NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors]

I'm storing the AWS_PROFILE within the encrypted file under

sops:
  kms:
    - arn: xxx
      created_at: xxx
      enc: xxx
      aws_profile: "PROFILE_NAME"

Maybe it's because the aws_profile gets lost on the way of re-encrypting the encrypted file? Or maybe I am missing something here? When using SOPS in the IntelliJ's terminal window, it all works.

Any help is appreciated!

Widura

2.0.0 asset incompatible with IDEA 2024.1

When I try to install the ZIP file from the 2.0.0 release in IntelliJ 2024.1.1, it gives me the following error:

Is it actually necessary to set an upper version bound? I remember that it required an update each time JetBrains released an EAP.

RuntimeException: Could not get document for file

java.lang.RuntimeException: Cannot invoke (class=, method=fileClosed, topic=FileEditorManagerListener)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeListener(MessageBusImpl.kt:639)
	at com.intellij.util.messages.impl.MessageBusImplKt.deliverMessage(MessageBusImpl.kt:395)
	at com.intellij.util.messages.impl.MessageBusImplKt.pumpWaiting(MessageBusImpl.kt:374)
	at com.intellij.util.messages.impl.MessageBusImplKt.access$pumpWaiting(MessageBusImpl.kt:1)
	at com.intellij.util.messages.impl.MessagePublisher.invoke(MessageBusImpl.kt:433)
	at jdk.proxy1/jdk.proxy1.$Proxy123.fileClosed(Unknown Source)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$lambda$11$lambda$10(EditorWindow.kt:582)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl$7.lambda$run$0(FileEditorManagerImpl.java:1252)
	at com.intellij.openapi.util.ExpirableRunnable$1.run(ExpirableRunnable.java:17)
	at com.intellij.openapi.wm.impl.FocusManagerImpl.lambda$doWhenFocusSettlesDown$3(FocusManagerImpl.java:173)
	at com.intellij.util.ui.EdtInvocationManager.invokeLaterIfNeeded(EdtInvocationManager.java:33)
	at com.intellij.ide.IdeEventQueue.ifFocusEventsInTheQueue(IdeEventQueue.java:176)
	at com.intellij.ide.IdeEventQueue.executeWhenAllFocusEventsLeftTheQueue(IdeEventQueue.java:129)
	at com.intellij.openapi.wm.impl.FocusManagerImpl.doWhenFocusSettlesDown(FocusManagerImpl.java:169)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl$7.run(FileEditorManagerImpl.java:1251)
	at com.intellij.openapi.util.BusyObject$Impl$Simple.execute(BusyObject.java:105)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.notifyPublisher(FileEditorManagerImpl.java:1248)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$lambda$11(EditorWindow.kt:578)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.runBulkTabChange(FileEditorManagerImpl.java:1904)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile(EditorWindow.kt:538)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.lambda$closeFile$5(FileEditorManagerImpl.java:706)
	at com.intellij.openapi.command.impl.CoreCommandProcessor.executeCommand(CoreCommandProcessor.java:219)
	at com.intellij.openapi.command.impl.CoreCommandProcessor.executeCommand(CoreCommandProcessor.java:174)
	at com.intellij.openapi.command.impl.CoreCommandProcessor.executeCommand(CoreCommandProcessor.java:164)
	at com.intellij.openapi.command.impl.CoreCommandProcessor.executeCommand(CoreCommandProcessor.java:150)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.closeFile(FileEditorManagerImpl.java:704)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.closeFile(FileEditorManagerImpl.java:714)
	at com.intellij.openapi.fileEditor.impl.EditorTabbedContainer$TabMouseListener.mouseReleased(EditorTabbedContainer.java:372)
	at java.desktop/java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:298)
	at java.desktop/java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:297)
	at java.desktop/java.awt.Component.processMouseEvent(Component.java:6648)
	at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3392)
	at java.desktop/java.awt.Component.processEvent(Component.java:6413)
	at java.desktop/java.awt.Container.processEvent(Container.java:2266)
	at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5022)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4854)
	at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948)
	at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575)
	at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
	at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2802)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4854)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:781)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:730)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:724)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:754)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:752)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:751)
	at com.intellij.ide.IdeEventQueue.defaultDispatchEvent(IdeEventQueue.java:909)
	at com.intellij.ide.IdeEventQueue.dispatchMouseEvent(IdeEventQueue.java:831)
	at com.intellij.ide.IdeEventQueue._dispatchEvent(IdeEventQueue.java:753)
	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$5(IdeEventQueue.java:437)
	at com.intellij.openapi.progress.impl.CoreProgressManager.computePrioritized(CoreProgressManager.java:787)
	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$6(IdeEventQueue.java:436)
	at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:113)
	at com.intellij.ide.IdeEventQueue.performActivity(IdeEventQueue.java:615)
	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$7(IdeEventQueue.java:434)
	at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:838)
	at com.intellij.ide.IdeEventQueue.dispatchEvent(IdeEventQueue.java:480)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:207)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:92)
Caused by: java.lang.RuntimeException: Could not get document for file
	at com.github.daputzy.intellijsopsplugin.FileUtil.getDocument(FileUtil.java:27)
	at com.github.daputzy.intellijsopsplugin.EditActionHandler$1.fileClosed(EditActionHandler.java:35)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeMethod(MessageBusImpl.kt:655)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeListener(MessageBusImpl.kt:621)
	... 70 more

Compatibility with sops (and age) via aqua utility

Hello,
I'm using CLI package manager aqua.
This tool allows defining tools (and their associated versions) within a repository. Aqua then functions as a command proxy, so depending on the folder from which a command is launched, if aqua manages it, it uses the binary of the version specified in the configuration file.
However, if executed from a location (none of the parent folders have an aqua configuration file), it cannot find the command. The $PATH environment variable must also include the path to the proxified binaries:
export PATH="${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH"

Looking at the source code of this plugin, it seems that it navigates to the folder containing the file to decrypt, and it appears to pass the parent environment variables. These two elements should enable the plugin to work with aqua. However, I'm not sure if that's really the case, and I don't know how to debug the plugin.

To test it :
Install aqua :

# Aqua installation 
curl -sSL -o /tmp/aqua.tar.gz https://github.com/aquaproj/aqua/releases/download/v2.21.3/aqua_linux_amd64.tar.gz && /bin/tar -xzf /tmp/aqua.tar.gz -C /tmp && chmod 0755 /tmp/aqua && sudo chown root:root /tmp/aqua && sudo mv /tmp/aqua ${aqua_install_path}/aqua && rm -f /tmp/aqua.tar.gz /tmp/aqua

# Env var (add it to bashrc if needed)
export PATH="${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH" 

# Prepare Test Directory
mkdir $HOME/test-sops && cd $HOME/test-sops

# Generate and install aqua tools sops and age
aqua init && aqua g FiloSottile/age getsops/sops >> aqua.yaml && aqua i

# Show Version tools
sops --version
# Show sops 3.8.1 (latest)
age --version
# Show v1.1.1

cd ..
sops --version 
# show : FATA[0000] aqua failed                                   aqua_version=2.21.3 doc="https://aquaproj.github.io/docs/reference/codes/004" env=linux/amd64 error="command is not found" exe_name=sops program=aqua

age --version 
# show: FATA[0000] aqua failed                                   aqua_version=2.21.3 doc="https://aquaproj.github.io/docs/reference/codes/004" env=linux/amd64 error="command is not found" exe_name=age program=aqua

You just need to add your .sops.yaml to directory $HOME/test-sops and generate an age key if needed.

You can now encrypt a file with sops commande from $HOME/test-sops directory via command line.
But you can't with your plugin.
Please can you take a look at this ?

not working in pycharm-c 2024.1

I'm trying to move back to pycharm but this isn't working at all. I have the age.key in my project root and I've set the age key env var in the settings. I get no error message at all. It does nothing when I click the buttons.

In vscode I use this plugin and it works perfectly with no configuration required. https://github.com/signageos/vscode-sops

secrets.yaml not detected as SOPS file (again)

Hi,

I'm using sops to encrypt secrets.yaml file used when specifying values for helmfile releases. I'm using sops command line directly to edit encrypted files like this:

EDITOR=kwrite sops /path/to/secrets.yaml

...and this works. But since I'm using IDEA to edit other files, I wanted to try this plugin. It doesn't detect the secrets.yaml file to be SOPS encrypted file and doesn't show the status line with a link to "Edit" it in decrypted form. The encrypted file structure does contain the following at the end:

sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2023-07-07T14:22:35Z"
    mac: ENC[...redacted...]
    pgp:
        - created_at: "2023-06-13T15:47:51Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
               ...redacted...
            -----END PGP MESSAGE-----
          fp: ...redacted...
    unencrypted_suffix: _unencrypted
    version: 3.7.3

Somewhere I read that users put a .sops.yaml file in the project's root folder. I don't have such file. I added an empty .sops.yaml file into project's root folder and the plugin then recognized the SOPS encrypted file and allowed me to start editing it in decrypted form. But when saving the modified decrypted tab and upon closing it, I get the following error and original file is left intact:

Sops error
config file not found and no keys provided through command line options

Should I put some content into .sops.yaml file in the project's root and what? I didn't need that file for editing encrypted files using sops command line directly.

Executing `idea` issue in MacOS

Hi! Great effort with this new plugin :)

Unfortunately, it's not working for me. Error is attached.

sops <filename> works if I'm running it from terminal and I can edit the file.

Kind regards,
Alen