Ibotta / sopstool

SOPS multi-file wrapper
Apache License 2.0

Enhancement Request: Bulk re-encryption command for edited secrets in sopstool #60

Open technagy opened 1 year ago

technagy commented 1 year ago

Current Behavior

When using sopstool to decrypt every secret in the folder defined in the .sops.yaml file via sopstool d, it allows for decryption and editing of the secrets. However, once the secrets are edited and we want to re-encrypt all of them, there is no direct command provided. Currently, the available command is sopstool add, but it throws an error when trying to re-encrypt a file that already exists in .sops.yaml. As a workaround, one has to manually delete the entry from .sops.yaml before being able to add and re-encrypt the secret again.

There is also the sopstool edit command which allows opening an encrypted file in an editor, and post-editing and saving, it re-encrypts the file. However, this method is not practical when editing multiple secrets as it requires the user to open each file individually.

Expected Behavior

Ideally, sopstool should provide a straightforward method to re-encrypt all the decrypted files without the need to manually edit the .sops.yaml file. It should either have a dedicated command for this purpose or the existing sopstool add should be able to handle the re-encryption without errors. For workflows involving the editing of multiple secrets, there should be an efficient method to decrypt, edit, and re-encrypt all files seamlessly.

Steps to reproduce

  1. Use sopstool to decrypt all secrets in the folder specified in .sops.yaml using the command sopstool d.
  2. Edit any of the decrypted files.
  3. Attempt to re-encrypt the edited files using sopstool add.
  4. Observe the error complaining about the existing entry in .sops.yaml.
  5. Manually delete the problematic entry from .sops.yaml.
  6. Try re-encrypting the file again using sopstool add.
  7. Additionally, try using sopstool edit for a single file and note that while it works for individual files, it's not practical for multiple files.

OS: Linux
sops version: 3.7.3
sopstool version: v1.2.1