Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow secret modification in exec-file mode #1217

Open
ashi009 opened this issue May 26, 2023 · 1 comment
Open

Allow secret modification in exec-file mode #1217

ashi009 opened this issue May 26, 2023 · 1 comment

Comments

@ashi009
Copy link

ashi009 commented May 26, 2023
edited
Loading

We have a case where a program needs to modify the secrets.

So the existing workflow is to make the program behave like an editor, and execute sops like:

EDITOR=path/to/tool sops path/to/encrypted_secret

This approach works for most of the case, however, we cannot pass arguments to the tool unless using a wrapper script for the conversion.

On the other hand, exec-file mode provides a much better interface for interacting with external tools. Which even uses FIFO device to avoid putting the secret on disk. It would be nice to make the FIFO bi-directional, so that the program could optionally write the modified content back to the device.

sops exec-file --edit path/to/encrypted_secert 'path/to/tool -file={} -other-flag'
@b4nst
Copy link

b4nst commented Feb 4, 2024

I would also really like this feature

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ashi009 @b4nst