Comments (8)
From #48 :
The current implementation of SOPS is functionally based. This is good for programs that rely on transforming data. However, it's beginning to get unwieldy with all of the state passing it is doing (e.g.
digest
,iv
,key
, and in #47unencrypted_suffix
).I suggest considering a refactor to swap out the core with something more class based so state is always located on
self
. I will create a gist to provide examples of what I mean.
from sops.
I started re-pitching this idea in #48. Here was an example approach for the tree:
https://gist.github.com/twolfson/d00d88af4c0a68749cf3
from sops.
To be honest, given all the issues we've had deployed sops as a client python app, I'm very tempted to rewrite it in Go and distribute statically compiled binaries. It's not just python 2.7/3 compat' that's the issue, but also dependencies on openssl for the crypto package, and others.
So, before we invest too much time rewriting a lot of the core, maybe we should evaluate the cost of rewriting in Go instead, just for the sake of the discussion.
from sops.
Can you explain further about OpenSSL/crypto for those unfamiliar with the problem (e.g. myself)?
from sops.
On El Capitan, Apple stopped shipping the OpenSSL headers, so to install sops
one needs to first install the cryptography package with the following command: env LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include" pip install cryptography
.
which is significantly more complex that just running pip install sops
, but there's no way around it.
from sops.
Note that there are several limitations of the YAML support in Go which may make it a bad fit for sops
, namely that the YAML package doesn't preserve comments through round-trips, and that we would need to walk the tree using reflections mostly, which can be painful and slow. Maybe, for the time being, sticking to Python is a better plan.
from sops.
Ah, that is unfortunate. Sorry, I totally skimmed over the OS X instructions in the README.
Throwing out Python for OpenSSL issues sounds like we are throwing the baby out with the bathwater.
Maybe we should consider also bundled Python packages (e.g. distributions which have dependencies in the same package)? requests
does this https://github.com/kennethreitz/requests/tree/v2.9.1/requests/packages
Although, I think we could be wiser and not make them required during development but only as part of distribution (e.g. GitHub releases).
from sops.
We're now 100% Go so this can be closed.
from sops.
Related Issues (20)
- totalvirus detects Trojan.Malware.300983.susgen HOT 3
- Make encrypt, decrypt, rotate, set, and edit proper commands
- ini: Encode duplicate sections
- Is sops open to adding support to more kms services? HOT 3
- --mac-only-encrypted panics on .env files. HOT 15
- SOPS_AGE_KEY doesn't accept space separated keys HOT 2
- mac m1 Use gcp kms encryption and decryption will crash
- Sops removes quotes from keys in YAML HOT 2
- unable to force specific gpg subkey HOT 1
- [Feature Request] Permit allowlisted unencrypted comments
- encrypted_regex for particular nodes in yaml? HOT 4
- `exec-env` does not work when encrypted file is in a parent directory HOT 3
- `Invalid --set format` error when trying to set deeply nested value HOT 11
- sops keyservice via .sops.yaml HOT 1
- Is it possible to encrypt text strings in Python using sops? HOT 2
- Encrypt dotenv file inplace more than once should be failsafe. HOT 11
- GitHub repository does not link to the project website url HOT 1
- CI: add Rust code formatting check (for functional tests) HOT 1
- Error: Failed to get the data key required to decrypt the SOPS file. HOT 1
- Allow easy embedding of sops inside other Go CLI HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sops.