INI format support about sops HOT 8 CLOSED

You mean support ini for the .sops.yaml configuration file documented at https://github.com/mozilla/sops#using-sops-yaml-conf-to-select-kms-pgp-for-new-files ?

I don't think that's a problem as long as the loaded configuration fits into the same dictionary. But, to be honest, that yaml formal is so trivial I don't really see a benefit to supporting ini as well.

from sops.

i meant ini as another option vs. json/yaml for encrypted files

from sops.

Ah, that's a different story then 😄
I'm not familiar enough with the ini format to say that it's possible to do. Do you have a link to a formal specification? If ini can be loaded as a key/value tree like yaml and json, then we should be able to encrypt the leaves.

Of course, you can always treat ini files as binary, but you lose the readability of keeping the file structure in cleartext.

from sops.

i don't think there's a formal spec (not one i could easily find anyway). https://docs.python.org/3/library/configparser.html is probably all that's necessary here. i think key/value tree access works out of the box.

from sops.

How about supporting simple .env files first? This is literally the syntax:

VAR1=val1
VAR2=val2

I'm looking to use sops to decrypt secrets for Kustomize, and encrypting only values for .env files sounds like a nice quality of life feature.

I have very little experience with Go, though. @jvehent some pointers on how to add this file format?

from sops.

@jcassee you essentially need to write something that implements the Store interface and then plug that in to the command line tool. Here's the YAML store which you can use as an example.

The main challenge here is that SOPS needs to store its metadata (a non-flat structure) with the file, so you'd have to figure out how to store that for .env files. For YAML and JSON, we just use a "sops" top level map entry.

from sops.

@autrilla Thanks for the pointers. #391 implements the new store.

from sops.

Fixed with #400

from sops.