Open itssimon opened 4 years ago
Is `!env` a yaml standard?
We have a note about yaml anchors in the doc which probably applies to this as well (assuming it is a standard):
sops uses the path to a value as additional data in the AEAD encryption, and thus dynamic paths generated by anchors break the authentication step.
Yes, tags are part of the YAML standard. You can read all about it in the official specification.
Tags are different to anchors as they don't change the structure of the data at parse time, so the limitation you mentioned shouldn't apply to tags.
I wanted to chime in and say that YAML anchors and aliases would be a really great feature to support. For instance, I have a YAML file that looks like:
```yaml
db_pass: &db_pass my_secret_password
app_1:
  db_pass: *db_pass
app_2:
  db_pass: *db_pass
```
With sops I encrypt that file and when I open it the values have all been replaced and the anchors are gone. The point of the anchors is to be DRY and only include the value once. Without support I'm forced to repeatedly add the values, which is an issue when they change.
While this is just a generic example I definitely work with more complex yaml files where anchor/alias would be incredibly helpful.
Is it possible to support custom YAML tags?
Currently, these tags get removed by sops and only the plain value ("SOMEVAR") remains.
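The doc note quoted earlier in this thread says sops uses the path to a value as additional data in the AEAD encryption. The sketch below is an added example, not part of the thread and not sops' own code. It uses AES-256-GCM from the Go standard library to show a ciphertext sealed at `db_pass` failing authentication when read at the path an alias would expand to. The function names, the `key:subkey:` path encoding and the all-zero key are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal binds value to its document path via the AEAD additional data (path encoding assumed).
func seal(key []byte, path, value string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(value), []byte(path)), nil
}

// open decrypts a blob from seal; it fails unless path equals the path used when sealing.
func open(key []byte, path string, blob []byte) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize() {
		return "", fmt.Errorf("ciphertext too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(path))
	return string(pt), err
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, for illustration only
	blob, _ := seal(key, "db_pass:", "my_secret_password")
	_, err := open(key, "app_1:db_pass:", blob) // path where the alias would expand
	fmt.Println("decrypt at alias path:", err)
}
```
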