getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0

Update Documentation for usage with ansible inventory. Parameter: _valid_extensions #1529

Closed ZzenlD closed 3 weeks ago

ZzenlD commented 3 weeks ago

In my Ansible inventory I encrypt only some of the variables with the command:

sops --set '["foo_password"] "password_value"' host_vars/example_host.yml

My .sops.yml looks like:

creation_rules:
  - age: <my-age-key>
    encrypted_regex: _(password|apikey)$
    mac_only_encrypted: true

The encryption works fine and as expected, but the decryption is not working. In Ansible I use the community.sops.sops_vars-plugin and my ansible.cfg looks like:

[defaults]
vars_plugins_enabled = host_group_vars,community.sops.sops

[community.sops]
age_keyfile = <path to key-file>
config_file = <path to config-file>
_valid_extensions = [".sops.yml", ".sops.yaml", ".sops.json", ".yml"]

If I understood correctly, I can tell the community.sops.sops_vars-plugin with the parameter _valid_extensions that it should also read my normal YAML files. But it does not work.

Thanks for your help, maybe I misunderstood something.
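An added example, not part of the original post and not code from SOPS or community.sops: a pre-commit style check that models which leaves of a host_vars file the `encrypted_regex` above would encrypt, and lists plaintext leaves whose names look like secrets. With `mac_only_encrypted: true` those unmatched leaves are also outside the MAC. The sample data, the `SECRET_HINT` pattern and the function names are assumptions made for illustration.

```python
import re

# Regex copied from the .sops.yml in the post above.
ENCRYPTED_REGEX = re.compile(r"_(password|apikey)$")
# Assumption: name hints that suggest a secret; tune for your inventory.
SECRET_HINT = re.compile(r"(pass|secret|token|key)", re.IGNORECASE)

def classify(node, path=()):
    """Yield (dotted_path, encrypted) for every leaf value.

    Models how SOPS applies encrypted_regex: a leaf is encrypted when
    any key on its path matches (unanchored search, like Go's
    regexp.MatchString). List indices are not keys and never match.
    """
    if isinstance(node, dict):
        for key, value in node.items():
            yield from classify(value, path + (str(key),))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from classify(value, path + (i,))
    else:
        keys = [p for p in path if isinstance(p, str)]
        encrypted = any(ENCRYPTED_REGEX.search(k) for k in keys)
        yield ".".join(str(p) for p in path), encrypted

def plaintext_suspects(data):
    """Leaves left in plaintext whose key names look like secrets."""
    out = []
    for dotted, enc in classify(data):
        if not enc and SECRET_HINT.search(dotted):
            out.append(dotted)
    return out

# Constructed sample host_vars content, already parsed from YAML.
SAMPLE_HOST_VARS = {
    "ansible_host": "192.0.2.10",
    "foo_password": "password_value",
    "monitoring_apikey": "constructed-value",
    "db": {"admin_password": "x", "password_hint": "y"},
    "vault_token": "constructed-value",
    "service_password": {"current": "a", "previous": ["b", "c"]},
}

if __name__ == "__main__":
    for dotted, enc in classify(SAMPLE_HOST_VARS):
        print(f"{'ENC  ' if enc else 'PLAIN'} {dotted}")
    print("review:", plaintext_suspects(SAMPLE_HOST_VARS))
```

Keys such as `vault_token` or `password_hint` do not end in `_password` or `_apikey`, so under this rule they stay readable in the repository and need either a rename or a wider regex.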

felixfontein commented 3 weeks ago

Closing since this is an Ansible question and nothing that affects the SOPS project. Also you did open it as https://github.com/ansible-collections/community.sops/issues/183 as well :)