getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0

Update install instructions at `go.mozilla.org` #1055

Open smoyer64 opened 2 years ago

smoyer64 commented 2 years ago

The installation instructions at https://go.mozilla.org/sops state that SOPS installation should be performed using:

go get -u go.mozilla.org/sops/cmd/sops

The go get command has been deprecated for installing binaries (and can lead to dependency issues) so the correct installation command is now:

go install go.mozilla.org/sops/v3/cmd/sops@latest

or for a specific version:

go install go.mozilla.org/sops/v3/cmd/sops@v3.7.2

As an aside, it would be nice to reference this installation method in the README - for those of us with Go already installed, it's simpler than downloading the binary, creating sym-links and setting executable flags.

Amod02-prog commented 2 years ago

Hi, I would like to contribute to this issue. Could you please mention/tag the exact location where the breakdown needs to be fixed?

brookman1 commented 1 month ago

The furthest I got from following what you did is the missing cmp and slices error. Here is what my process was. You likely just need Step 3 for the latest version of sops.

  1. Did what you did above, but reacted to the errors I saw and changed the package name to the one in the command: $ go install github.com/getsops/sops/v3@latest
  2. Tried pip install from https://pypi.org/project/sops. This had an apt install step too that I had to modify for my Python version preference; set it to python3.11-dev and python3.11-pip.
  3. Updated from version 1.18 to 3.9.0, looks like the latest release, instructions here: https://github.com/getsops/sops/releases

STEP 3 instructions:

# Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64

# Move the binary in to your PATH
mv sops-v3.9.0.linux.amd64 /usr/local/bin/sops

# Make the binary executable
chmod +x /usr/local/bin/sops

TIP 1: do check the checksums. TIP 2: use sha256 directly, the cosign installs similar to sops, there is no way to know what you are getting from wget.

Step 1

user_name@host:~$ go install github.com/getsops/sops/v3@latest
package github.com/getsops/sops/v3 is not a main package
go/pkg/mod/go.opentelemetry.io/otel@v1.27.0/attribute/set.go:7:2: package cmp is not in GOROOT (/usr/lib/go-1.18/src/cmp)
go/pkg/mod/go.opentelemetry.io/otel@v1.27.0/attribute/set.go:10:2: package slices is not in GOROOT (/usr/lib/go-1.18/src/slices)

Step 2

From here: https://pypi.org/project/sops/ got: sudo pip install sops

user_name@hostname:~/sops$ sops --help
usage: sops <file>

SOPS - encrypted files editor that uses AWS KMS and PGP

positional arguments:
  file                  file to edit; create it if it doesn't exist

options:
  -h, --help            show this help message and exit
  -k KMSARN, --kms KMSARN
                        comma separated list of KMS ARNs
  -p PGPFP, --pgp PGPFP
                        comma separated list of PGP fingerprints
  -d, --decrypt         decrypt <file> and print it to stdout
  -e, --encrypt         encrypt <file> and print it to stdout
  -r, --rotate          generate a new data encryption key and reencrypt all values with the new key
  -i, --in-place        write output back to <file> instead of stdout for encrypt/decrypt
  --extract TREE_PATH   extract a specific key or branch from the input JSON or YAML document. (decrypt mode
                        only). ex: --extract '["somekey"][0]'
  --set SET SET         set a specific key or branch in the input JSON or YAML document. value must be a
                        json encoded string. (edit mode only).ex: --set '["somekey"][0]'
                        '{"somevalue":true}'
  --input-type INPUT_TYPE
                        input type (yaml, json, ...), if undef, use file extension
  --output-type OUTPUT_TYPE
                        output type (yaml, json, ...), if undef, use input type
  -s, --show_master_keys
                        display master encryption keys in the file during editing (off by default).
  --add-kms ADD_KMS     Add the given comma separated KMS ARNs to the list of master keys on an existing
                        file.
  --rm-kms RM_KMS       Remove the given comma separated KMS ARNs from the list of master keys on an
                        existing file.
  --add-pgp ADD_PGP     Add the given comma separated PGP fingerprint to the list of master keys on an
                        existing file.
  --rm-pgp RM_PGP       Remove the given comma separated PGP fingerprint from the list of master keys on an
                        existing file.
  --ignore-mac          ignore Message Authentication Code during decryption
  --unencrypted-suffix UNENCRYPTED_SUFFIX
                        override unencrypted key suffix (default: _unencrypted)
  --config CONFIG_LOC   path to config file, disable recursive search (default: .sops.yaml)
  --encryption-context KMSCONTEXT
                        comma separated list of KMS encryption context key-value pairs
  -V, -v, --version     show program's version number and exit

`sops` supports AWS KMS and PGP encryption:
    * To encrypt or decrypt a document with AWS KMS, specify the KMS ARN
      in the `-k` flag or in the ``SOPS_KMS_ARN`` environment variable.
      (you need valid credentials in ~/.aws/credentials or in your env)
    * To encrypt or decrypt using PGP, specify the PGP fingerprint in the
      `-p` flag or in the ``SOPS_PGP_FP`` environment variable.

To use multiple KMS or PGP keys, separate them by commas. For example:
    $ sops -p "10F2[...]0A, 85D[...]B3F21" file.yaml

The -p and -k flags are ignored if the document already contains master
keys. To add/remove master keys in existing documents, open then with -s
and edit the `sops` branch directly.

You can change which GPG binary is used by setting $SOPS_GPG_EXEC in env.

By default, editing is done in vim, and will use the $EDITOR env if set.

Version 1.18 - See the Readme at github.com/mozilla/sops
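
The checksum tip in the comment above, worked through as an added example (not part of the thread and not the project's own script): the downloaded file is installed only if its SHA-256 matches the entry in a checksums file. The helper names `verify_sha256` and `install_verified`, the sha256sum-format checksums file and the demo file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils (sha256sum, install) and a checksums
# file in sha256sum format: "<64 hex chars>  <filename>".

# verify_sha256 FILE CHECKSUMS (hypothetical helper)
# Succeeds only if CHECKSUMS holds exactly one entry for FILE's base name
# and that entry equals the SHA-256 of FILE.
verify_sha256() {
    file=$1; sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || return 2
    name=$(basename "$file")
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$sums")
    # A missing or duplicated entry is a failure, not something to guess at.
    [ "$(printf '%s\n' "$expected" | grep -c .)" -eq 1 ] || return 3
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# install_verified FILE CHECKSUMS DEST (hypothetical helper)
# Copies FILE to DEST with mode 0755 only after the checksum matches,
# replacing the separate mv and chmod steps.
install_verified() {
    if ! verify_sha256 "$1" "$2"; then
        echo "checksum verification failed for $1" >&2
        return 1
    fi
    install -m 0755 "$1" "$3"
}

# Offline demo on a constructed stand-in file (not the real sops binary).
demo() {
    tmp=$(mktemp -d) || return 1
    bin="$tmp/sops-v3.9.0.linux.amd64"
    printf 'constructed demo payload\n' > "$bin"
    (cd "$tmp" && sha256sum "$(basename "$bin")" > checksums.txt) || return 1
    install_verified "$bin" "$tmp/checksums.txt" "$tmp/sops" || return 1
    [ -x "$tmp/sops" ] || return 1
    # Tamper with the download: the same checksums file must now reject it.
    printf 'tampered\n' >> "$bin"
    if install_verified "$bin" "$tmp/checksums.txt" "$tmp/sops2" 2>/dev/null; then
        return 1
    fi
    [ ! -e "$tmp/sops2" ] || return 1
    rm -rf "$tmp"
}

demo && echo "verified install accepted; tampered file rejected"
```

A checksums file fetched from the same place as the binary only detects corruption or a swapped binary; its own authenticity still has to be established separately, for example through the signature tooling the comment mentions.
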

felixfontein commented 1 month ago

I know too little about go install to comment on that, but: don't use https://pypi.org/project/sops/ - that is deprecated and totally outdated. (I wish the ones who have access to it would mark it as deprecated.)

brookman1 commented 1 month ago

This is the likely go package that we are trying to work with: go install github.com/getsops/sops/v3@latest

Thanks.