Open drdaeman opened 5 years ago
Sorry for the scope creep, I was just using Forge quite actively and noticed that whenever I made a mistake in the encrypted templates, they were left on disk unencrypted. So I decided to add one more commit and improve this in the same PR.
On an unrelated note, I'd also like to propose adding `base64.b64encrypt` and `b64decrypt` functions to the Jinja2 `Environment`. Those should be really for generating K8s `Secret`s on the fly. However, that would be certainly way out of scope for this PR...
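The failure mode mentioned in the comment above (decrypted templates left on disk after a mistake) is usually closed by tying the plaintext's lifetime to a `try`/`finally`. This is an added sketch, not code from this PR or from Forge; `decrypted` and `sops_decrypt` are hypothetical names, and the only Sops call assumed is the `sops -d <file>` invocation quoted in the PR description.

```python
import contextlib
import os
import subprocess
import tempfile


def sops_decrypt(enc_path):
    """Return the plaintext of a Sops-encrypted file as bytes.

    No key environment variables are checked here: per the PR description,
    `sops -d` finds the key references inside the encrypted file itself.
    """
    return subprocess.run(["sops", "-d", enc_path], check=True,
                          stdout=subprocess.PIPE).stdout


@contextlib.contextmanager
def decrypted(enc_path, decrypt=sops_decrypt):
    """Yield the path of a temporary plaintext copy of enc_path.

    The copy is created by mkstemp (owner-only permissions) next to the
    encrypted file and is removed when the block exits, including when
    the body raises or the decryption itself fails.
    """
    directory = os.path.dirname(os.path.abspath(enc_path))
    fd, plain_path = tempfile.mkstemp(prefix=".dec-", suffix=".yml",
                                      dir=directory)
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(decrypt(enc_path))
        yield plain_path
    finally:
        # Runs on success, on a template error, and on a failed decrypt.
        with contextlib.suppress(FileNotFoundError):
            os.remove(plain_path)


if __name__ == "__main__":
    # Constructed demo: a stand-in decryptor and a deliberately failing body.
    workdir = tempfile.mkdtemp()
    enc = os.path.join(workdir, "example-enc.yml")
    with open(enc, "w") as f:
        f.write("constructed ciphertext placeholder\n")
    try:
        with decrypted(enc, decrypt=lambda p: b"password: example\n"):
            raise ValueError("simulated template mistake")
    except ValueError:
        pass
    print(os.listdir(workdir))  # only the encrypted file remains
```
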
Hello. I'd like to use Forge with Sops but the current implementation from #181 is limited to AWS KMS only. So, naturally, I'd like to propose a slight improvement.

This PR improves the `key_check` function to look out for PGP, GCP and Azure environment variables, not just AWS.

Also, key checks are removed for decryption (and re-encryption) operations. Sops is smart enough to figure out the keys on its own: the encrypted files actually contain all the necessary information. At the very least, just running `sops -d example-enc.yml` without any environment variables set is enough to decrypt it, as long as I have the keys, of course.

I've tested my changes and they seem to work with my PGP+GCP KMS Sops-encrypted files without any issues.
Thanks!