Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request for skipping keys in YAML that match encrypted_regex but are in plaintext #1680

Open
vlasov-y opened this issue Nov 20, 2024 · 0 comments
Open

Request for skipping keys in YAML that match encrypted_regex but are in plaintext #1680

vlasov-y opened this issue Nov 20, 2024 · 0 comments

Comments

@vlasov-y
Copy link

Hi! Issue comes from Flux
SOPS fails if we have keys with plain text, but those keys match encrypted_regex.
Can you please make SOPS to ignore fields if they are not acttualy encrypted?

Example manifest:

apiVersion: v1
kind: Pod
metadata:
  name: pod
spec:
  containers:
    - name: main
      image: nginx:stable-alpine
      env:
        - name: ENC[AES256_GCM,data:...
          value: ENC[AES256_GCM,data:...
      resources:
        limits:
          memory: 50Mi
          cpu: 50m
    - name: patched
      image: nginx:stable-alpine
      env:
        - name: MainEnvValueIsEncrypted
          value: but this one is not
sops:
  ...
  encrypted_regex: ^env$ # There it is
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vlasov-y