-
Notifications
You must be signed in to change notification settings - Fork 880
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Look for .sops.yaml relative to target #242
Comments
SOPS looks for the config file from the current working directory. Commit 597acb7 changed this for the Go version, the Python version does this too. However, the docs are not very clear at explaining this. |
thx - that is interesting! What was the motivation? Not clear from the commit. from the peanut gallery, a +1 for an 'ascending from target' M.O; In various repos where this might be used, it's typical to be rooted in the root directory. |
This was the behavior of the Python version, and the Go version wants to keep compatibility with the Python version, so the commit I mentioned was basically fixing a bug. As to why the Python version uses cwd instead of the file's path, I do not know. |
It's a bit tricky to design. You may want to encrypt a file located under
/tmp/foo.key while being placed inside your secrets directory, and
.sops.yaml would be picked up correctly.
If we change that, add support for both, and 2 config exists for cwd and
file directory, which one should take precedence?
…On Aug 30, 2017 01:28, "Adrian Utrilla" ***@***.***> wrote:
This was the behavior of the Python version, and the Go version wants to
keep compatibility with the Python version, so the commit I mentioned was
basically fixing a bug. As to why the Python version uses cwd instead of
the file's path, I do not know.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#242 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAZXgU72hWROa-3R3sc0NG-5ETTGaGRGks5sdPL1gaJpZM4PGrBk>
.
|
I'm interested in this as it would allow me to structure my repo in a way where different What is the status of this? Can it be worked on? |
I don't think we can make any change to the current behavior until we have a reasonable approach to deciding which configuration file would take precedence when two configs exists in cwd and |
A modest suggestion, so as not to break existing workflows but to allow adoption of the (IMHO!) clearly better (;-)) choice over time:
This way, an existing user preserves behaviour as is; a new user wanting file-dir-and-up gets it as they have no clash; and an existing user can transition as they choose, requiring both a file-dir-and-up config file and an opt-in in their CWD-and-up file. |
Here's a shell script to do the file-centric resolution in userland. You can use it like function sopsconfig() {
CONFIG_DIR="$(dirname "$(realpath "$1")")"
while [ ! -f "$CONFIG_DIR/.sops.yaml" ]; do
if [ "$CONFIG_DIR" = "/" ]; then exit 1; fi
CONFIG_DIR="$(dirname "$CONFIG_DIR")"
done
echo "$CONFIG_DIR/.sops.yaml"
} |
file under use-ability:
this may be rtfm fail on my behalf, but i thought the path checking would find my
.sops.yaml
config in heirarchy to the target. This assumption explained:the release: 2.0.10
the setup:
In this scenario, editor proceeds, but saving it carps:
Should it not find the
.sops.yaml
starting from the target file's path?looking closer with strace:
indeed it is going up from my PWD.
Of course this does work fine if i specify location; eg.
sops --config foo/bar/.sops.yaml foo/bar/baz/secrets.yaml
. But it does put the burden on the editor to a) know where the config is and .b) be in the target file's dir.The text was updated successfully, but these errors were encountered: