Open chris3ware opened 2 years ago
doesn't seem to work with version: 3.8.1
always uses the first key in the recipients file. This would come in really handy when working in a team.
I would love to have that working. I'm interested in taking a look and seeing if I can draft a PR.
I too was looking to use sops/age for our team, but setting all the possible public keys in a SOPS_AGE_RECIPIENTS for every team member seems awkward when age supports the recipients-file we can put in a repo to share.
@chriscarpenter12 why not simply put them in .sops.yaml and store that in the root of the repo that should contain the SOPS encrypted files?
Is there an example of all the options in the .sops.yaml file? I didn’t see an example of what you’re describing. I’m new to sops and it seemed the age config was through env vars from the readme.
Here's a small example:
```yaml
creation_rules:
  - age: >-
      age1yt3tfqlfrwdwx0z0ynwplcr6qxcxfaqycuprpmy89nr83ltx74tqdpszlw,
      age129h70qwx39k7h5x6l9hg566nwm53527zvamre8vep9e3plsm44uqgy8gla,
      age129h70qwx39k7h5x6l9hg56qxcxfaqycuprpmy89nr83ltx74tqdpszlw
```
(A more complex one: https://github.com/getsops/sops?tab=readme-ov-file#using-sopsyaml-conf-to-select-kms-pgp-and-age-for-new-files)
I wondered if being able to encrypt a file with multiple age public keys (recipients) could be done by using the age recipients file as well as passing multiple comma separated keys?
This can be achieved natively with age by passing the -R, --recipients-file PATH argument.
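For the shared-recipients-file workflow discussed in this thread, here is an added example (not code from the sops or age projects): a shell function that reads an age recipients file and prints the comma-separated list that SOPS_AGE_RECIPIENTS takes. It assumes the file holds only native `age1...` recipients, one per line with `#` comments, and fails on anything else instead of silently dropping it; the function name and file names are hypothetical.

```shell
#!/bin/sh
# Added example: convert an age recipients file into the comma-separated
# list accepted by SOPS_AGE_RECIPIENTS. Hypothetical usage:
#   SOPS_AGE_RECIPIENTS=$(age_recipients_csv team.recipients) \
#       sops --encrypt secrets.yaml

# age_recipients_csv FILE
# Prints the recipients in FILE joined by commas.
# Returns 1 if FILE is unreadable, contains an entry that is not a
# native age recipient, or contains no recipients at all.
age_recipients_csv() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    csv=""
    # "|| [ -n "$line" ]" keeps a last line that has no trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        # drop CRs (Windows checkouts) and surrounding whitespace
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*) continue ;;            # blank line or comment
            *[!a-z0-9]*)                    # commas, spaces, SSH keys, ...
                echo "unsupported recipient: $line" >&2; return 1 ;;
            age1*) ;;                       # rough shape check only
            *)  echo "unsupported recipient: $line" >&2; return 1 ;;
        esac
        csv=${csv:+$csv,}$line
    done < "$file"
    [ -n "$csv" ] || { echo "no recipients in $file" >&2; return 1; }
    printf '%s\n' "$csv"
}

# Demo on a constructed recipients file; the two keys are copied from the
# .sops.yaml example earlier in this thread.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# team recipients
age1yt3tfqlfrwdwx0z0ynwplcr6qxcxfaqycuprpmy89nr83ltx74tqdpszlw

age129h70qwx39k7h5x6l9hg566nwm53527zvamre8vep9e3plsm44uqgy8gla
EOF
age_recipients_csv "$demo"
rm -f "$demo"
```

Rejecting any line with characters outside lowercase letters and digits also keeps a stray comma or space in the shared file from changing how the list is split.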