Comments (8)
SOPS generally preserves the YAML key order, appends the `sops` key at the bottom of the first YAML document, and uses its internal order when serializing the value of the `sops` key. If you prefer keys to be ordered alphabetically, you need to postprocess the SOPS encrypted file with another tool to achieve this.
from sops.
> SOPS generally preserves the YAML key order, appends the `sops` key at the bottom of the first YAML document, and uses its internal order when serializing the value of the `sops` key. If you prefer keys to be ordered alphabetically, you need to postprocess the SOPS encrypted file with another tool to achieve this.

But even inside the "sops:" part the elements are not arranged alphabetically; kms appears before age or azure_kv. Can you explain this behaviour?
I personally think SOPS should provide the option to arrange elements to be the same as they are in K8S; this is a K8S tool and this small ordering change will much improve the developer experience.
from sops.
I did:

> and uses its internal order when serializing the value of the `sops` key

The internal ordering is not alphabetical.
Also: SOPS is not a K8S tool.
from sops.
I'm sorry for the misunderstanding. I understand that the internal order is not alphabetical; what I meant to ask was "why must it be like this?" Is the change I'm requesting harmful to the process somehow? As a user of SOPS I would like it very much and it does not seem like a big hassle. What am I missing?
from sops.
It doesn't have to be like this for the `sops` key. But note that any change will lead to unnecessary git history changes anytime someone updates an already SOPS encrypted file. That's why changing the order is a bad idea, if there isn't an important reason.
I guess we could make it configurable, but that's something that needs to be implemented first. (It's also not that trivial since YAML keys don't have to be strings. So you need a total order that covers all possible key types.)
from sops.
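The remark above about needing a total order over every possible YAML key type, as an added example (not code from this thread or from SOPS): Python's default sort fails on a mapping with mixed key types, so the sketch defines an explicit ordering. The kind ranking, the function names and the sample mapping are assumptions of this example.

```python
import math


def total_order_key(key):
    """Map a parsed-YAML mapping key to a tuple that compares with any other."""
    if key is None:
        return (0,)
    if isinstance(key, bool):              # test before int: bool subclasses int
        return (1, key)
    if isinstance(key, (int, float)):
        if isinstance(key, float) and math.isnan(key):
            return (2, 1, 0)               # NaN sorts after every real number
        return (2, 0, key)
    if isinstance(key, str):
        return (3, key)
    if isinstance(key, tuple):             # a sequence used as a mapping key
        return (4, tuple(total_order_key(k) for k in key))
    raise TypeError(f"unsupported key type: {type(key).__name__}")


def sort_keys(node):
    """Recursively sort mapping keys; list order is data and stays untouched."""
    if isinstance(node, dict):
        return {k: sort_keys(node[k]) for k in sorted(node, key=total_order_key)}
    if isinstance(node, list):
        return [sort_keys(item) for item in node]
    return node


def naive_sort_fails(mapping):
    """True when Python's default ordering cannot sort the mapping's keys."""
    try:
        sorted(mapping)
        return False
    except TypeError:
        return True


# Constructed sample: what a YAML parser could return for mixed key types.
SAMPLE = {
    "sops": {"kms": [], "age": [], "azure_kv": []},
    8080: "int key",
    "kind": "Secret",
    None: "null key",
    True: "bool key",
    ("a", 1): "sequence key",
    "apiVersion": "v1",
    2.5: "float key",
}

if __name__ == "__main__":
    print("default sort fails:", naive_sort_fails(SAMPLE))
    print("total order:", list(sort_keys(SAMPLE)))
```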
I would have thought that having a fully symmetrical process would be a good solid reason. Am I the only one who finds great value in being able to read the decrypted value straight from the K8S cluster without needing the original encrypted file that was applied?
from sops.
I guess you aren't the only one, but don't forget about non-K8S users who do not sort their YAML files alphabetically.
from sops.
I fail to see how non-K8S users would suffer from this change; all I see is benefit. Maybe I'm missing something.
from sops.