Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How does one use decrypt.File provided by the mozilla sops decrypt go module #1441

Closed
Janik-Haag opened this issue Feb 18, 2024 · 4 comments
Closed

Comments

@Janik-Haag
Copy link

Janik-Haag commented Feb 18, 2024

Hey I'm running into a similar error to #804
I'm opening this issue because my question is a bit different sorry if this is a duplicate.

my .sops.yaml basically looks like:

keys:
  - &janik age1...
creation_rules:
  - path_regex: ^secrets/shared.yaml$
    key_groups:
      - age:
        - *janik

this is a minimal code example to reproduce the behavior:

package main

import (
	"fmt"
	"go.mozilla.org/sops/decrypt"
)

func main() {
	plain, err := decrypt.File("./secrets/shared.yaml", "yaml")
	if err != nil {
		fmt.Println(fmt.Errorf("Failed to decrypt: %w", err))
	}
	fmt.Println(plain)
}

if I run the resulting binary it prints:

Failed to decrypt: No keys found in file
[]

I also checked that XDG_CONFIG_HOME is set correctly and decrypting the file with the sops cli utility works just fine and using other tools that implement sops like https://github.com/Mic92/sops-nix/ also works without any problem.

I also checked in the ./secrets/shared.yaml and it basically looks like:

...
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1...
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            ...
            -----END AGE ENCRYPTED FILE-----
...
@felixfontein
Copy link
Contributor

"go.mozilla.org/sops/decrypt"

Please note that the package moved (#1246). It could be that the problem you are encountering is caused by a bug long fixed in this repo.

@felixfontein
Copy link
Contributor

In any case, the general usage is correct, I tried this with github.com/getsops/sops/v3/decrypt and a different file to decrypt, and it gave me a long list of bytes :) I don't use age keys though, so maybe the problem is (also) related to that.

@Janik-Haag
Copy link
Author

Thank you! Changing the url made it work.

@felixfontein
Copy link
Contributor

I'm glad it was only this and not a real bug 😅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants