sopstool
sopstool cannot decrypt with absolute path + configfile path option
I have a Ruby project directory that looks like this:
my_gem
├── .sops.yaml
├── lib
│   └── my_gem.rb
└── secrets
    └── my_secrets.sops.yaml
From within the my_gem directory, I can decrypt using this command:
sopstool decrypt secrets/my_secrets.sops.yaml
However, I can't decrypt that same file when using an absolute path:
sopstool decrypt /src/my_gem/secrets/my_secrets.sops.yaml --configpath /src/my_gem
This seems to have something to do with the .sops.yaml configuration. This is the configuration where I was experiencing the problem:
creation_rules:
- kms: ...snip...
encrypted_files:
- secrets/deployment.yaml
If I change the encrypted_files to the absolute path, it starts working:
encrypted_files:
- /src/my_gem/secrets/deployment.yaml
Yep, I have a feeling that the pathing isn't too smart. Ultimately sopstool should resolve every path added/used as relative to .sops.yml wherever it is (hopefully including ../). At a minimum it should resolve it as direct-ancestor of .sops.yml regardless of the cwd.
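
The resolution rule proposed in the reply above, sketched in Go as an added example (not sopstool's own code): each encrypted_files entry is anchored at the directory holding the config file, the command-line argument is anchored at the cwd, and the two are compared in canonical form. The function names are assumptions, and `naiveMatch` is only a hypothetical model that reproduces the behaviour reported in the issue.

```go
package main

import (
	"fmt"
	"path/filepath"
)

// canonical anchors a relative path at base and cleans it ("." and ".." resolved).
func canonical(base, p string) string {
	if !filepath.IsAbs(p) {
		p = filepath.Join(base, p)
	}
	return filepath.Clean(p)
}

// isEncryptedFile anchors encrypted_files entries at configDir (the directory
// holding the config file) and the command-line argument at cwd, then compares
// the canonical forms. Entries containing "../" are resolved, not rejected.
func isEncryptedFile(configDir, cwd, arg string, entries []string) bool {
	target := canonical(cwd, arg)
	for _, e := range entries {
		if canonical(configDir, e) == target {
			return true
		}
	}
	return false
}

// naiveMatch is a hypothetical model of the reported behaviour: the argument
// is compared to each entry as a literal string, so spelling matters.
func naiveMatch(arg string, entries []string) bool {
	for _, e := range entries {
		if e == arg {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample mirroring the layout described in the issue.
	entries := []string{"secrets/deployment.yaml"}
	abs := "/src/my_gem/secrets/deployment.yaml"
	fmt.Println(naiveMatch(abs, entries))
	fmt.Println(isEncryptedFile("/src/my_gem", "/tmp", abs, entries))
	fmt.Println(isEncryptedFile("/src/my_gem", "/src/my_gem/lib", "../secrets/deployment.yaml", entries))
}
```

With canonical comparison, the same file is recognised as a managed secret whichever way its path is spelled, and a relative argument typed from an unrelated directory no longer matches by accident.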