Merge branch 'develop' of https://github.com/mozilla/sops into mozill…
…a-develop
nklmilojevic committed Mar 1, 2022
2 parents 56bbf84 + 624c7d0 commit 684d338
Showing 11 changed files with 74 additions and 41 deletions.
10 changes: 5 additions & 5 deletions .circleci/config.yml
Expand Up @@ -4,10 +4,10 @@ workflows:
build-and-deploy:
jobs:
- build
- push:
- push:
filters:
tags:
only: /^v.*/
only: /^v.*/
branches:
ignore: /.*/
jobs:
Expand All @@ -30,7 +30,7 @@ jobs:
resource_class: large
steps:
- checkout
- run:
- run:
name: semver check
command: |
MAJOR=$(echo ${CIRCLE_TAG#v} | cut -d"." -f1)
Expand All @@ -46,8 +46,8 @@ jobs:
This job uses the semver from the git TAG as the public version to publish.
- This should only run on workflows triggered by a tag.
- The tag name should be a semver like 'v1.2.3'
- This should only run on workflows triggered by a tag.
- The tag name should be a semver like 'v1.2.3'
- The version should follow conventions documented at https://github.com/fsaintjacques/semver-tool
EOF
exit 1
4 changes: 2 additions & 2 deletions .github/workflows/cli.yml
Expand Up @@ -28,10 +28,10 @@ jobs:
steps:
- name: Install dependencies
run: sudo apt-get update && sudo apt-get install git -y
- name: Set up Go 1.16
- name: Set up Go 1.17
uses: actions/setup-go@v2
with:
go-version: 1.16
go-version: 1.17
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Expand Up @@ -15,10 +15,10 @@ jobs:
run: sudo apt-get update && sudo apt-get install git ruby rpm -y
- name: Install fpm
run: gem install fpm || sudo gem install fpm
- name: Set up Go 1.16
- name: Set up Go 1.17
uses: actions/setup-go@v2
with:
go-version: 1.16
go-version: 1.17
id: go
- name: Check out code into the Go module directory
uses: actions/checkout@v2
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,10 +1,10 @@
FROM golang:1.15
FROM golang:1.17

COPY . /go/src/go.mozilla.org/sops
WORKDIR /go/src/go.mozilla.org/sops

RUN CGO_ENABLED=1 make install
RUN apt-get update
RUN apt-get install -y vim python-pip emacs
RUN apt-get install -y vim python3-pip emacs
RUN pip install awscli
ENV EDITOR vim
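Review bot: The `RUN pip install awscli` line two lines below the `python3-pip` change still calls `pip`, and whether that name exists depends on the distribution's python3-pip package (Debian buster's ships only `pip3`; bullseye's, which golang:1.17 presumably uses, appears to ship `pip` as well), so the build silently depends on that packaging detail; `RUN pip3 install awscli` works on either. The awscli version is also unpinned, so every rebuild installs whatever PyPI serves that day; pinning it, `RUN pip3 install awscli==<version>` (placeholder), keeps the image reproducible. The apt layers never clean `/var/lib/apt/lists`, which is harmless for a development image but makes it larger than it needs to be.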
3 changes: 2 additions & 1 deletion Dockerfile.alpine
@@ -1,4 +1,5 @@
FROM golang:1.12-alpine3.10 AS builder
FROM golang:1.17-alpine3.15 AS builder

RUN apk --no-cache add make

Expand All @@ -8,7 +9,7 @@ WORKDIR /go/src/go.mozilla.org/sops
RUN CGO_ENABLED=1 make install


FROM alpine:3.10
FROM alpine:3.15

RUN apk --no-cache add \
vim ca-certificates
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -3,7 +3,7 @@
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

PROJECT := go.mozilla.org/sops/v3
GO := GO15VENDOREXPERIMENT=1 GO111MODULE=on GOPROXY=https://proxy.golang.org go
GO := GOPROXY=https://proxy.golang.org go
GOLINT := golint

all: test vet generate install functional-tests
8 changes: 1 addition & 7 deletions README.rst
Expand Up @@ -704,12 +704,6 @@ By default, ``sops`` uses the key server ``keys.openpgp.org`` to retrieve the GP
keys that are not present in the local keyring.
This is no longer configurable. You can learn more about why from this write-up: `SKS Keyserver Network Under Attack <https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f>`_.
Example: place the following in your ``~/.bashrc``
.. code:: bash
SOPS_GPG_KEYSERVER = 'gpg.example.com'
Key groups
~~~~~~~~~~
Expand Down Expand Up @@ -1207,7 +1201,7 @@ This file will not work in sops:
- array
- elements
But this one will because because the ``sops`` key can be added at the same level as the
But this one will work because the ``sops`` key can be added at the same level as the
``data`` key.
.. code:: yaml
3 changes: 0 additions & 3 deletions age/keysource.go
Expand Up @@ -20,15 +20,12 @@ func init() {
log = logging.NewLogger("AGE")
}

const privateKeySizeLimit = 1 << 24 // 16 MiB

// MasterKey is an age key used to encrypt and decrypt sops' data key.
type MasterKey struct {
Identity string // a Bech32-encoded private key
Recipient string // a Bech32-encoded public key
EncryptedKey string // a sops data key encrypted with age

parsedIdentity *age.X25519Identity // a parsed age private key
parsedRecipient *age.X25519Recipient // a parsed age public key
}

2 changes: 1 addition & 1 deletion example.yaml
Expand Up @@ -25,7 +25,7 @@ this:
somelist_unencrypted:
- all elements of this list
- remain in clear text
- because of the _encrypted suffix in the key
- because of the _unencrypted suffix in the key
nested_unencrypted:
this:
is:
70 changes: 55 additions & 15 deletions go.mod
@@ -1,42 +1,28 @@
module go.mozilla.org/sops/v3

go 1.13
go 1.17

require (
cloud.google.com/go v0.43.0
filippo.io/age v1.0.0-beta7
github.com/Azure/azure-sdk-for-go v31.2.0+incompatible
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
github.com/Azure/go-autorest/autorest v0.9.0
github.com/Azure/go-autorest/autorest/azure/auth v0.1.0
github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
github.com/Microsoft/go-winio v0.4.14 // indirect
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
github.com/aws/aws-sdk-go v1.37.18
github.com/blang/semver v3.5.1+incompatible
github.com/cenkalti/backoff v2.2.1+incompatible // indirect
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/fatih/color v1.7.0
github.com/golang/protobuf v1.4.1
github.com/google/go-cmp v0.5.0
github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf
github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
github.com/goware/prefixer v0.0.0-20160118172347-395022866408
github.com/hashicorp/vault/api v1.0.4
github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c
github.com/lib/pq v1.2.0
github.com/mitchellh/go-homedir v1.1.0
github.com/mitchellh/go-wordwrap v1.0.0
github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
github.com/opencontainers/image-spec v1.0.1 // indirect
github.com/opencontainers/runc v0.1.1 // indirect
github.com/ory/dockertest v3.3.4+incompatible
github.com/pkg/errors v0.9.1
github.com/sirupsen/logrus v1.4.2
github.com/smartystreets/goconvey v0.0.0-20190710185942-9d28bd7c0945 // indirect
github.com/stretchr/testify v1.5.1
go.mozilla.org/gopgagent v0.0.0-20170926210634-4d7ea76ff71a
golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83
Expand All @@ -49,5 +35,59 @@ require (
gopkg.in/ini.v1 v1.44.0
gopkg.in/urfave/cli.v1 v1.20.0
gopkg.in/yaml.v3 v3.0.0-20210107172259-749611fa9fcc
)

require (
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
github.com/Azure/go-autorest/autorest/adal v0.5.0 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.1.0 // indirect
github.com/Azure/go-autorest/autorest/date v0.1.0 // indirect
github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
github.com/Azure/go-autorest/logger v0.1.0 // indirect
github.com/Azure/go-autorest/tracing v0.5.0 // indirect
github.com/Microsoft/go-winio v0.4.14 // indirect
github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
github.com/cenkalti/backoff v2.2.1+incompatible // indirect
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
github.com/dimchansky/utfbom v1.1.0 // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/golang/snappy v0.0.1 // indirect
github.com/googleapis/gax-go/v2 v2.0.5 // indirect
github.com/gotestyourself/gotestyourself v2.2.0+incompatible // indirect
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
github.com/hashicorp/go-multierror v1.0.0 // indirect
github.com/hashicorp/go-retryablehttp v0.5.4 // indirect
github.com/hashicorp/go-rootcerts v1.0.1 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/hashicorp/golang-lru v0.5.1 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/vault/sdk v0.1.13 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
github.com/mattn/go-colorable v0.0.9 // indirect
github.com/mattn/go-isatty v0.0.3 // indirect
github.com/mitchellh/mapstructure v1.1.2 // indirect
github.com/opencontainers/go-digest v1.0.0-rc1 // indirect
github.com/opencontainers/image-spec v1.0.1 // indirect
github.com/opencontainers/runc v0.1.1 // indirect
github.com/pierrec/lz4 v2.0.5+incompatible // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
github.com/sergi/go-diff v1.1.0 // indirect
github.com/smartystreets/goconvey v0.0.0-20190710185942-9d28bd7c0945 // indirect
github.com/stretchr/objx v0.1.1 // indirect
go.opencensus.io v0.22.0 // indirect
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221 // indirect
golang.org/x/text v0.3.3 // indirect
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
google.golang.org/appengine v1.6.1 // indirect
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 // indirect
gopkg.in/square/go-jose.v2 v2.3.1 // indirect
gopkg.in/yaml.v2 v2.2.8 // indirect
gotest.tools v2.2.0+incompatible // indirect
)
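Review bot: The new indirect block carries `github.com/dgrijalva/jwt-go v3.2.0+incompatible`, a repository that has been archived and whose maintained continuation lives at `github.com/golang-jwt/jwt`; because the line is indirect it arrives through one of the direct requirements, most likely `github.com/hashicorp/vault/api v1.0.4`, so the durable fix is to bump that client rather than edit the indirect line, with `replace github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt <fork-version>` (placeholder) as a stopgap until then. `filippo.io/age v1.0.0-beta7` likewise stays on a pre-release of the library that performs the age encryption although a stable 1.0.0 has since been published, which is worth a follow-up now that the toolchain is 1.17. A `go mod tidy` rewrite of this kind often moves together with go.sum, which is not among the eleven files in this commit, so confirm the sum file did not need regenerating.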
5 changes: 3 additions & 2 deletions hcvault/keysource_test.go
Expand Up @@ -25,7 +25,8 @@ func TestMain(m *testing.M) {
logger.Fatalf("Could not start resource: %s", err)
}

os.Setenv("VAULT_ADDR", fmt.Sprintf("http://127.0.0.1:%v", resource.GetPort("8200/tcp")))
vaultAddr := fmt.Sprintf("http://%s", resource.GetHostPort("8200/tcp"))
os.Setenv("VAULT_ADDR", vaultAddr)
os.Setenv("VAULT_TOKEN", "secret")
// exponential backoff-retry, because the application in the container might not be ready to accept connections yet
if err := pool.Retry(func() error {
Expand All @@ -45,7 +46,7 @@ func TestMain(m *testing.M) {
logger.Fatalf("Could not connect to docker: %s", err)
}

key := NewMasterKey(fmt.Sprintf("http://127.0.0.1:%v", resource.GetPort("8200/tcp")), "sops", "main")
key := NewMasterKey(vaultAddr, "sops", "main")
err = key.createVaultTransitAndKey()
if err != nil {
logger.Fatal(err)
