Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add --encrypted-selector option #385

Closed
wants to merge 3 commits into from
Closed

add --encrypted-selector option #385

wants to merge 3 commits into from
+98 −0

Conversation

dictcp
Copy link
Contributor

@dictcp dictcp commented Oct 20, 2018

per #368, sometimes we need to pick only a subtree to encrypt (eg. Kubernetes secret). then it should be able to encrypt Kubernetes secret just like https://github.com/shyiko/kubesec

@codecov-io
Copy link

codecov-io commented Oct 20, 2018
edited
Loading

Codecov Report

Merging #385 into master will increase coverage by 0.37%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #385      +/-   ##
==========================================
+ Coverage   45.32%   45.69%   +0.37%     
==========================================
  Files          12       12              
  Lines        1593     1604      +11     
==========================================
+ Hits          722      733      +11     
  Misses        797      797              
  Partials       74       74
Impacted Files Coverage Δ
config/config.go 77.5% <100%> (+0.28%) ⬆️
sops.go 54.69% <100%> (+1.28%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7c72237...457297f. Read the comment docs.

autrilla
autrilla reviewed Oct 20, 2018
View reviewed changes
Copy link
Contributor

@autrilla autrilla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome, thanks a lot for the patch!

Other than my comments, the only other thing blocking merge is the lack of documentation. It would be nice to include an example of how one might use this for Kubernetes files.

sops_test.go
@@ -133,6 +133,66 @@ func TestEncryptedSuffix(t *testing.T) {
}
}


func TestEncryptedSelector(t *testing.T) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add test cases for YAML lists?

stores/stores.go
@@ -45,6 +45,7 @@ type Metadata struct {
PGPKeys []pgpkey `yaml:"pgp" json:"pgp"`
UnencryptedSuffix string `yaml:"unencrypted_suffix,omitempty" json:"unencrypted_suffix,omitempty"`
EncryptedSuffix string `yaml:"encrypted_suffix,omitempty" json:"encrypted_suffix,omitempty"`
EncryptedSelector string `yaml:"encrypted_selector,omitempty" json:"encrypted_selector,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: gofmt this file

sops.go
@@ -318,6 +318,13 @@ func (tree Tree) Encrypt(key []byte, cipher Cipher) (string, error) {
}
}
}
if tree.Metadata.EncryptedSelector != "" {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is good, but I think a better approach would be to convert the selector to a []string (in main.go, so the SOPS API itself would take the []string, and the command line will handle conversion) and then compare the slices. It saves us some computations we currently do for every decryption, and more importantly would provide a cleaner API to those using SOPS as a Go library.

What do you think?

cmd/sops/main.go
@@ -429,6 +429,7 @@ func main() {

unencryptedSuffix := c.String("unencrypted-suffix")
encryptedSuffix := c.String("encrypted-suffix")
encryptedSelector := c.String("encrypted-selector")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to add the flag to the list of flags here: https://github.com/mozilla/sops/blob/457297faa309c5a0b4536ef5c808b5324e025fb6/cmd/sops/main.go#L409

@jpriebe jpriebe mentioned this pull request Aug 14, 2019
Merged
@jvehent
Copy link
Contributor

jvehent commented Oct 11, 2019

This PR is stale and conflicts with a lot of other files. Should we close it?

@autrilla
Copy link
Contributor

It can be reopened if needed, so I guess so.

@autrilla autrilla closed this Oct 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@autrilla autrilla autrilla left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dictcp @codecov-io @jvehent @autrilla