Sops swallows YAML comment of each first key:value pair #384

Open
perry123456 opened this issue Oct 4, 2018 · 4 comments

@perry123456

I'm used to extensively describing the contents of my YAML files with comments. But with sops I have the problem that each comment line which is located right above a key-value pair that stands on top of a hierarchy level disappears when the YAML file gets encrypted with sops.

  1. My environment:
    Windows 10
    Sops version 3.1.1

  2. My document in clear text:

```yaml
# level 1, pos 1 comment
key1: value
# level 1, pos 2 comment
key2: value
# level 1, pos 3 comment
key3:
    # level 2, pos 1 comment
    key1: value
    # level 2, pos 2 comment
    key2: value
```

  3. The encrypted document (without sops meta data):

```yaml
key1: ENC[AES256_GCM,data:UwPZMFg=,iv:xPdFZTYT6sYQn6OCPKeqw00EcqAif9VUuBPz6VEb+vU=,tag:0ciGE608lqo+AcrM63zz+A==,type:str]
#ENC[AES256_GCM,data:bAnAxvnHLi4UoPBALf9S/piTuJg7vko=,iv:kEoo5qeUnO0q9gYdx34kUSryuOfCG0BbTVVVkRVjeq8=,tag:YHhn21H+AQPTzV400+p1Fg==,type:comment]
key2: ENC[AES256_GCM,data:kRPrHrE=,iv:+Q1byOFYvVM5rjzZYOGldCRpWPv7r+Ih4H/xsO+u9FI=,tag:U0u0zq6kJjjPbwSnkLkQYg==,type:str]
#ENC[AES256_GCM,data:zO9n8/aQ2qhyhMWRvcZfB632pUOoEjk=,iv:Ah8H79x3eVJbRtCBwvrzDSoYCzy2WCcuJEJ5B1/EQN0=,tag:dEtOiCgw8sD0eeHn/BkVmA==,type:comment]
#ENC[AES256_GCM,data:9HDfsvGdJQAW9qw6Z7t6x8yTT5LFgCQ=,iv:sALPLPo4IZrKfA2X4VqSPlnSppOfou5IW3/2+IQac3U=,tag:7xzhSZgKKMAkU+DN4Eo6lw==,type:comment]
key3:
    key1: ENC[AES256_GCM,data:lHvpmKc=,iv:a5eaxNvCWDAlyXT3yf3c/7sP3WVm7GjwwfKQ14NgGDY=,tag:yCEeeji7+5D2ySlzWCA8RA==,type:str]
    #ENC[AES256_GCM,data:CKG9iEaVd63bbRPgylCdz3aiA34pSlc=,iv:Z6blU40o57uJ1juFrmn88vmAPQMCGkBzp2gPsYl7QSQ=,tag:gA6COjpAJkO9oFJom+MLpg==,type:comment]
    key2: ENC[AES256_GCM,data:cIQYAL8=,iv:TA+tkLZ9fFcJki4Ngnvvgh8zd+lWn9vTaBm4W2EmR0Q=,tag:+IUxoYRMUjnytkhEJRN2JQ==,type:str]
```

Please note that the comment lines "# level 1, pos 1 comment" and "# level 2, pos 1 comment" are already missing here in the encrypted document.

  4. The actual decrypted document:

```yaml
key1: value
# level 1, pos 2 comment
key2: value
# level 1, pos 3 comment
# level 2, pos 1 comment
key3:
    key1: value
    # level 2, pos 2 comment
    key2: value
```

Please note the missing comment lines "# level 1, pos 1 comment" and "# level 2, pos 1 comment".

  5. The expected decrypted document:
    The same document as shown above under 2).

  6. My workaround:
    I'm adding dummy key-value-pairs as the first line on each hierarchy level, like this:

```yaml
protect: the comment below from sops encryption
# level 1, pos 1 comment
key1: value
# level 1, pos 2 comment
key2: value
# level 1, pos 3 comment
key3:
    protect: the comment below from sops encryption
    # level 2, pos 1 comment
    key1: value
    # level 2, pos 2 comment
    key2: value
```

The downside of this workaround is that I'm seeing the "protect: the comment below from sops encryption" key-value-pairs in my configuration target environment (the receiver of the yaml file) which is a bit confusing because these keys have nothing to do with the target environment.

It would be great if someone could fix this issue.
Thanks.
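
A round-trip check for the behaviour reported above, as an added example that is not part of the original issue or of the sops code base: it compares the full-line comments of the plaintext and the decrypted YAML and classifies each one as kept, moved or lost. The function names and the line-based scan (simple block mappings, unique comment text, every comment sitting above a key, as in the sample) are assumptions.

```python
# Sample documents copied from the issue: clear text and actual decrypted output.
ORIGINAL = """\
# level 1, pos 1 comment
key1: value
# level 1, pos 2 comment
key2: value
# level 1, pos 3 comment
key3:
    # level 2, pos 1 comment
    key1: value
    # level 2, pos 2 comment
    key2: value
"""
DECRYPTED = """\
key1: value
# level 1, pos 2 comment
key2: value
# level 1, pos 3 comment
# level 2, pos 1 comment
key3:
    key1: value
    # level 2, pos 2 comment
    key2: value
"""

def comment_anchors(text):
    """Map each full-line comment to the dotted path of the key below it."""
    anchors, stack, pending = {}, [], []
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        body = line.strip()
        if body.startswith("#"):
            pending.append(body)
            continue
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sibling and deeper levels
        stack.append((indent, body.split(":", 1)[0]))
        anchors.update((c, ".".join(k for _, k in stack)) for c in pending)
        pending = []
    return anchors

def audit(before, after):
    """Classify every comment of `before` as kept, moved or lost in `after`."""
    src, dst = comment_anchors(before), comment_anchors(after)
    report = {"kept": [], "moved": [], "lost": []}
    for comment, path in src.items():
        state = "lost" if comment not in dst else "kept" if dst[comment] == path else "moved"
        report[state].append(comment)
    return report
```

Run in CI with the plaintext as `before` and the output of `sops -d` as `after`, a non-empty `moved` or `lost` list flags a file whose documentation did not survive encryption.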

@autrilla
Contributor

autrilla commented Oct 4, 2018

This is a known issue. See #374. It's not easy to fix, and I don't think I or anyone at Mozilla who works on SOPS has time to fix this, but we would definitely review a patch that fixes this issue.

Apparently there is no open bug for this, so I'm leaving this open.

@dkotik

dkotik commented Feb 4, 2021

Nobody has fixed this in 2 years. I suppose I will try to look at it next week.

@autrilla
Contributor

autrilla commented Feb 4, 2021

I think @felixfontein might have fixed this in the develop branch.

@felixfontein
Contributor

The solution in #791 also fixes it. (With the fix for yaml.v3 the cross-document jumping of comments will also go away...)
