SOPS easy edit

Once you have SOPS setup for your GIT project, it can be a pain in the behind trying to not forget decrypting SOPS encrypted files before editing, and encrypting them again before committing.

This extension makes sure you don't have to think about that anymore. It will allow you to only see and edit decrypted files, but only save and commit the encrypted versions.

But How?

This extension is built to facilitate the following:

• Easy update of SOPS encrypted files, without the need to manually decrypt/encrypt
• Ensuring no decrypted files accidentally are either committed OR left on disk

It does so by doing the following:

• Whenever you try to open a SOPS encrypted file *, the extension does the following:
  • The encrypted file is immediately closed
  • The file is decrypted to a [filename].tmp.[extension] copy, which is opened instead
• Updating the tmp file will result in an updated, original SOPS encrypted file
• Closing the tmp file will automatically delete the tmp file as well, making sure decrypted data never stays on disk and is never accidentally committed

* I.e., any file that satisfies any of the combinations of .sops.yaml file paths and their path_regex conditions.

NOTE: It is still possible to edit the SOPS encrypted file directly, if desired, by right-mouse-clicking the encrypted file in the left explorer bar, and selecting SOPS: edit directly.

Requirements

• You need SOPS installed and configured, including:
  • setting up the authentication with desired encryption services
  • configuration of .sops.yaml files

Recommendations

• It is highly recommended to add the pattern for the tmp files (**/*.tmp.[extension]) to your .gitignore file, to ensure a decrypted file is never ever committed.

Contributions

Event listeners

This extension adds the following event listeners:

• Checks for every opened text document if it is a SOPS encrypted file, and if so, applies logic as explained in But How?.
• Checks for every saved document:
  • if it is a decrypted TMP file, and if so, saves and encrypts changes to original SOPS encrypted file
  • if it is an opened encryptable or encrypted file, and if so, updates showing of Encrypt/Decrypt buttons
• Checks for every closed document if it is a decrypted TMP file, and if so, deletes it.
• Check if the currently active text editor is an encrypted or encryptable file, and if so, adds Decrypt or Encrypt button to its top-right editor menu.

Editor menu buttons

This extension adds the following buttons to the top-right editor menu of every SOPS encrypted or encryptable file *:

• Decrypt
  • Decrypts the file in-place
  • Only shown when file is SOPS encrypted
• Encrypt
  • Encrypts the file in-place
  • Only shown when file is encryptable but not actually encrypted

* I.e., any file that satisfies any of the combinations of .sops.yaml file paths and their path_regex conditions.

Right-mouse buttons

This extension adds the following right-mouse-menu button to any yaml/yml/json/env/ini/txt file:

• SOPS: edit directly
  • Allows you to see and edit the SOPS encrypted file directly, without the extension closing it immediately (which is the new 'normal' behaviour).

Settings

This extension adds the following settings:

• Temp File Pre Extension
  • Allows you to change the default tmp pre-extension to something different
• Only Use Buttons
  • Allows you to not get the auto-decrypt and encrypt behaviour, but only use the decrypt/encrypt buttons instead

Limitations

This extension has the following limitations:

• Only SOPS config files named .sops.yaml are taken into account
• The SOPS: edit directly button is only available to yaml/yml/json/env/ini/txt files. Other SOPS encrypted files are rendered impossible to be edited directly by installing this extension.
• SOPS encryption is only checked for files smaller than 1MB
  • Encrypted or encryptable files larger than this will be completely ignored by this extension

This extension does NOT do or help with any of the following:

• Installation of SOPS
• Login or authentication with encryption services
• Configuration of .sops.yaml files

Dependencies

This extension happily makes use of the following outstanding npm packages:

• File System API
• Child process
• ini
• eemeli's excellent yaml package