Polish the 'sops help' output a bit #1341

Merged 1 commit on Dec 15, 2023
48 changes: 28 additions & 20 deletions cmd/sops/main.go
Expand Up @@ -71,7 +71,8 @@ func main() {
{Name: "Adrian Utrilla", Email: "adrianutrilla@gmail.com"},
{Name: "Julien Vehent", Email: "jvehent@mozilla.com"},
}
app.UsageText = `sops is an editor of encrypted files that supports AWS KMS and PGP
app.UsageText = `sops is an editor of encrypted files that supports AWS KMS, GCP, AZKV,
PGP, and Age

To encrypt or decrypt a document with AWS KMS, specify the KMS ARN
in the -k flag or in the SOPS_KMS_ARN environment variable.
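Review bot: The rewritten summary line of app.UsageText names the backends inconsistently with the rest of the help text. "GCP" and "AZKV" are abbreviations, while the paragraphs below spell them "GCP KMS" and "Azure Key Vault", and "Age" is capitalised here but written "age" further down. HashiCorp Vault's Transit engine is documented below but missing from the list. Suggest something like "supports AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault Transit, PGP, and age" so a reader can match the summary to the sections and flags that follow.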
Expand All @@ -80,44 +81,51 @@ func main() {
To encrypt or decrypt a document with GCP KMS, specify the
GCP KMS resource ID in the --gcp-kms flag or in the SOPS_GCP_KMS_IDS
environment variable.
(you need to setup google application default credentials. See
(You need to setup Google application default credentials. See
https://developers.google.com/identity/protocols/application-default-credentials)


To encrypt or decrypt a document with HashiCorp Vault's Transit Secret Engine, specify the
Vault key URI name in the --hc-vault-transit flag or in the SOPS_VAULT_URIS environment variable (eg. https://vault.example.org:8200/v1/transit/keys/dev
where 'https://vault.example.org:8200' is the vault server, 'transit' the enginePath, and 'dev' is the name of the key )
environment variable.
(you need to enable the Transit Secrets Engine in Vault. See
https://www.vaultproject.io/docs/secrets/transit/index.html)
To encrypt or decrypt a document with HashiCorp Vault's Transit Secret
Engine, specify the Vault key URI name in the --hc-vault-transit flag
or in the SOPS_VAULT_URIS environment variable (for example
https://vault.example.org:8200/v1/transit/keys/dev, where
'https://vault.example.org:8200' is the vault server, 'transit' the
enginePath, and 'dev' is the name of the key).
(You need to enable the Transit Secrets Engine in Vault. See
https://www.vaultproject.io/docs/secrets/transit/index.html)

To encrypt or decrypt a document with Azure Key Vault, specify the
Azure Key Vault key URL in the --azure-kv flag or in the SOPS_AZURE_KEYVAULT_URL
environment variable.
(authentication is based on environment variables, see
Azure Key Vault key URL in the --azure-kv flag or in the
SOPS_AZURE_KEYVAULT_URL environment variable.
(Authentication is based on environment variables, see
https://docs.microsoft.com/en-us/go/azure/azure-sdk-go-authorization#use-environment-based-authentication.
The user/sp needs the key/encrypt and key/decrypt permissions)
The user/sp needs the key/encrypt and key/decrypt permissions.)

To encrypt or decrypt using age, specify the recipient in the -a flag, or
in the SOPS_AGE_RECIPIENTS environment variable.
To encrypt or decrypt using age, specify the recipient in the -a flag,
or in the SOPS_AGE_RECIPIENTS environment variable.

To encrypt or decrypt using PGP, specify the PGP fingerprint in the
-p flag or in the SOPS_PGP_FP environment variable.

To use multiple KMS or PGP keys, separate them by commas. For example:
$ sops -p "10F2...0A, 85D...B3F21" file.yaml

The -p, -k, --gcp-kms, --hc-vault-transit and --azure-kv flags are only used to encrypt new documents. Editing
or decrypting existing documents can be done with "sops file" or
"sops -d file" respectively. The KMS and PGP keys listed in the encrypted
documents are used then. To manage master keys in existing documents, use
the "add-{kms,pgp,gcp-kms,azure-kv,hc-vault-transit}" and "rm-{kms,pgp,gcp-kms,azure-kv,hc-vault-transit}" flags.
The -p, -k, --gcp-kms, --hc-vault-transit, and --azure-kv flags are only
used to encrypt new documents. Editing or decrypting existing documents
can be done with "sops file" or "sops -d file" respectively. The KMS and
PGP keys listed in the encrypted documents are used then. To manage master
keys in existing documents, use the "add-{kms,pgp,gcp-kms,azure-kv,hc-vault-transit}"
and "rm-{kms,pgp,gcp-kms,azure-kv,hc-vault-transit}" flags with --rotate
or the updatekeys command.

To use a different GPG binary than the one in your PATH, set SOPS_GPG_EXEC.

To select a different editor than the default (vim), set EDITOR.

For more information, see the README at github.com/mozilla/sops`
Note that flags must always be provided before the filename to operate on.
Otherwise, they will be ignored.

For more information, see the README at https://github.com/getsops/sops`
app.EnableBashCompletion = true
app.Commands = []cli.Command{
{
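Review bot: The reflowed paragraph beginning "The -p, -k, --gcp-kms, --hc-vault-transit, and --azure-kv flags are only used to encrypt new documents" still omits -a, although the age paragraph just above tells the reader to pass the recipient with -a. The following sentences likewise speak only of "The KMS and PGP keys listed in the encrypted documents", and the add-{...} and rm-{...} lists have no age entry. Because this paragraph tells operators which master keys protect an existing file and how to change them, it should cover every key type the text documents, or state explicitly that age is handled differently. Minor: "You need to setup Google application default credentials" should read "set up".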