Unable to pass --keyservice in .sops.conf or as an env variable (feature) #583
Comments
|
Why do you need to use |
|
I am using a yubikey for all the secrets but I am automating the deployment inside docker containers for any of my colleagues to be able to redeploy without having to install dependencies. In fact we had issues in the past with cross dependencies so we are trying the approach of using dockers for all deployment clients. In this case, I can easily set the keyservice sops daemon in my working laptop where my yubikey is plugged in unix:///tmp/sops.sock so I just mount it in the same location when spawning the docker container which will deploy all the k8s infrastructure. Sops works great, but when using helm secrets I cannot pass the keyservice config variable to sops. And in fact I am using helmfile, which makes it even harder. Either options ENV variable or config file will make it possible. |
|
Ok, yeah that makes sense. Then yeah, I support this. In my opinion, I think an env var would be preferable. |
|
Both options are good. In fact, sops supports the --keyservice several times, so if passing in an ENV var, it will need to support a list of keyservices (with some kind of separator, maybe a "," ). |
Small feature request. I am using helmfile for the deployment of our k8s infrastructure and wanted to use sops for encryption of secrets. I need to use the --keyservice but as I am calling sops inside a wrapper (helmfile) of a wrapper (helm secrets) I cannot pass this variable to sops in a clean way.
Could you provide an alternative way to provide this option to sops in the .sops.conf and/or in an ENV variable?
The text was updated successfully, but these errors were encountered: