getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0

Support for age recipients file #1078

Open chris3ware opened 2 years ago

chris3ware commented 2 years ago

I wondered if being able to encrypt a file with multiple age public keys (recipients) could be done by using the age recipients file as well as passing multiple comma-separated keys?

This can be achieved natively with age by passing the -R, --recipients-file PATH argument.

alxndr13 commented 6 months ago

Doesn't seem to work with version: 3.8.1

Always uses the first key in the recipients file. This would come in really handy when working in a team.

wesbragagt commented 4 months ago

I would love to have that working. I'm interested in taking a look and seeing if I can draft a PR.

chriscarpenter12 commented 4 months ago

I too was looking to use sops/age for our team, but setting all the possible public keys in a SOPS_AGE_RECIPIENTS for every team member seems awkward when age supports the recipients-file we can put in a repo to share.

felixfontein commented 4 months ago

@chriscarpenter12 why not simply put them in .sops.yaml and store that in the root of the repo that should contain the SOPS encrypted files?

chriscarpenter12 commented 4 months ago

Is there an example of all the options in the .sops.yaml file? I didn’t see an example of what you’re describing. I’m new to sops and it seemed the age config was through env vars from the readme.

felixfontein commented 4 months ago

Here's a small example:

creation_rules:
    - age: >-
        age1yt3tfqlfrwdwx0z0ynwplcr6qxcxfaqycuprpmy89nr83ltx74tqdpszlw,
        age129h70qwx39k7h5x6l9hg566nwm53527zvamre8vep9e3plsm44uqgy8gla,
        age129h70qwx39k7h5x6l9hg56qxcxfaqycuprpmy89nr83ltx74tqdpszlw

(A more complex one: https://github.com/getsops/sops?tab=readme-ov-file#using-sopsyaml-conf-to-select-kms-pgp-and-age-for-new-files)
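
A workaround for the request in this thread, as an added example that is not sops code and not any commenter's: a shell function that reads an age recipients file (one key per line, blank lines and # comments skipped, as with age -R) and prints the comma-separated list that SOPS_AGE_RECIPIENTS takes. The function names and the choice to fail closed on any line that is not an age1 key are assumptions of this example.

```shell
#!/bin/sh
# Added example, not sops code. Function names are hypothetical.

# Constructed sample recipients file; the two keys come from the
# .sops.yaml example earlier in this thread.
sample_recipients() {
    cat <<'EOF'
# team recipients, one per line
age1yt3tfqlfrwdwx0z0ynwplcr6qxcxfaqycuprpmy89nr83ltx74tqdpszlw

  age129h70qwx39k7h5x6l9hg566nwm53527zvamre8vep9e3plsm44uqgy8gla
age1yt3tfqlfrwdwx0z0ynwplcr6qxcxfaqycuprpmy89nr83ltx74tqdpszlw
EOF
}

# age_recipients_csv FILE
# Prints the recipients in FILE as one comma-separated line.
# Fails closed (exit 1, nothing on stdout) if any line is not an age1 key
# or the file holds no recipients, so a typo never silently drops a teammate.
age_recipients_csv() {
    [ -r "$1" ] || { echo "cannot read recipients file: $1" >&2; return 1; }
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # tolerate CRLF, padding
        $0 == "" || index($0, "#") == 1 { next }         # blank line or comment
        !/^age1[0-9a-z]+$/ {
            printf "line %d: not an age1 recipient\n", NR > "/dev/stderr"
            bad = 1; next
        }
        !seen[$0]++ { out = (n++ ? out "," : "") $0 }    # dedupe, keep file order
        END {
            if (n == 0) print "no recipients found" > "/dev/stderr"
            if (bad || n == 0) exit 1
            print out
        }
    ' "$1"
}

# Usage, with recipients.txt kept in the repo:
#   SOPS_AGE_RECIPIENTS="$(age_recipients_csv recipients.txt)" \
#       sops --encrypt secrets.yaml > secrets.enc.yaml
```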