Create a constant for the 'sops' metadata key.

Signed-off-by: Felix Fontein <felix@fontein.de>

cmd/sops/encrypt.go

@@ -9,6 +9,7 @@ import (
 	"github.com/getsops/sops/v3/cmd/sops/codes"
 	"github.com/getsops/sops/v3/cmd/sops/common"
 	"github.com/getsops/sops/v3/keyservice"
+	"github.com/getsops/sops/v3/stores"
 	"github.com/getsops/sops/v3/version"
 	"github.com/mitchellh/go-wordwrap"
 )
@@ -36,12 +37,12 @@ func (err *fileAlreadyEncryptedError) Error() string {
 
 func (err *fileAlreadyEncryptedError) UserError() string {
 	message := "The file you have provided contains a top-level entry called " +
-		"'sops', or for flat file formats top-level entries starting with " +
-		"'sops_'. This is generally due to the file already being encrypted. " +
-		"SOPS uses a top-level entry called 'sops' to store the metadata " +
+		"'" + stores.SopsMetadataKey + "', or for flat file formats top-level entries starting with " +
+		"'" + stores.SopsMetadataKey + "_'. This is generally due to the file already being encrypted. " +
+		"SOPS uses a top-level entry called '" + stores.SopsMetadataKey + "' to store the metadata " +
 		"required to decrypt the file. For this reason, SOPS can not " +
 		"encrypt files that already contain such an entry.\n\n" +
-		"If this is an unencrypted file, rename the 'sops' entry.\n\n" +
+		"If this is an unencrypted file, rename the '" + stores.SopsMetadataKey + "' entry.\n\n" +
 		"If this is an encrypted file and you want to edit it, use the " +
 		"editor mode, for example: `sops my_file.yaml`"
 	return wordwrap.WrapString(message, 75)

stores/dotenv/store.go

@@ -12,7 +12,7 @@ import (
 )
 
 // SopsPrefix is the prefix for all metadatada entry keys
-const SopsPrefix = "sops_"
+const SopsPrefix = stores.SopsMetadataKey + "_"
 
 // Store handles storage of dotenv data
 type Store struct {

stores/ini/store.go

@@ -148,7 +148,7 @@ func (store *Store) LoadEncryptedFile(in []byte) (sops.Tree, error) {
 		return sops.Tree{}, err
 	}
 
-	sopsSection, err := iniFileOuter.GetSection("sops")
+	sopsSection, err := iniFileOuter.GetSection(stores.SopsMetadataKey)
 	if err != nil {
 		return sops.Tree{}, sops.MetadataNotFound
 	}
@@ -170,7 +170,7 @@ func (store *Store) LoadEncryptedFile(in []byte) (sops.Tree, error) {
 	// Discard metadata, as we already loaded it.
 	for bi, branch := range branches {
 		for s, sectionBranch := range branch {
-			if sectionBranch.Key == "sops" {
+			if sectionBranch.Key == stores.SopsMetadataKey {
 				branch = append(branch[:s], branch[s+1:]...)
 				branches[bi] = branch
 			}
@@ -213,7 +213,7 @@ func (store *Store) EmitEncryptedFile(in sops.Tree) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	sectionItem := sops.TreeItem{Key: "sops", Value: newBranch}
+	sectionItem := sops.TreeItem{Key: stores.SopsMetadataKey, Value: newBranch}
 	branch := sops.TreeBranch{sectionItem}
 
 	in.Branches = append(in.Branches, branch)

stores/json/store.go

@@ -295,7 +295,7 @@ func (store *Store) LoadEncryptedFile(in []byte) (sops.Tree, error) {
 	}
 	// Discard metadata, as we already loaded it.
 	for i, item := range branch {
-		if item.Key == "sops" {
+		if item.Key == stores.SopsMetadataKey {
 			branch = append(branch[:i], branch[i+1:]...)
 		}
 	}
@@ -321,7 +321,7 @@ func (store *Store) LoadPlainFile(in []byte) (sops.TreeBranches, error) {
 // EmitEncryptedFile returns the encrypted bytes of the json file corresponding to a
 // sops.Tree runtime object
 func (store *Store) EmitEncryptedFile(in sops.Tree) ([]byte, error) {
-	tree := append(in.Branches[0], sops.TreeItem{Key: "sops", Value: stores.MetadataFromInternal(in.Metadata)})
+	tree := append(in.Branches[0], sops.TreeItem{Key: stores.SopsMetadataKey, Value: stores.MetadataFromInternal(in.Metadata)})
 	out, err := store.jsonFromTreeBranch(tree)
 	if err != nil {
 		return nil, fmt.Errorf("Error marshaling to json: %s", err)

stores/stores.go

@@ -23,6 +23,11 @@ import (
 	"github.com/getsops/sops/v3/pgp"
 )
 
+const (
+	// The key used to store SOPS metadata at in SOPS encrypted files.
+	SopsMetadataKey = "sops"
+)
+
 // SopsFile is a struct used by the stores as a helper to unmarshal the SOPS metadata
 type SopsFile struct {
 	// Metadata is a pointer so we can easily tell when the field is not present
@@ -510,7 +515,7 @@ var ExampleFlatTree = sops.Tree{
 // HasSopsTopLevelKey returns true if the given branch has a top-level key called "sops".
 func HasSopsTopLevelKey(branch sops.TreeBranch) bool {
 	for _, b := range branch {
-		if b.Key == "sops" {
+		if b.Key == SopsMetadataKey {
 			return true
 		}
 	}

stores/yaml/store.go

@@ -291,7 +291,7 @@ func (store *Store) LoadEncryptedFile(in []byte) (sops.Tree, error) {
 		}
 
 		for i, elt := range branch {
-			if elt.Key == "sops" { // Erase
+			if elt.Key == stores.SopsMetadataKey { // Erase
 				branch = append(branch[:i], branch[i+1:]...)
 			}
 		}
@@ -357,7 +357,7 @@ func (store *Store) EmitEncryptedFile(in sops.Tree) ([]byte, error) {
 		// Create copy of branch with metadata appended
 		branch = append(sops.TreeBranch(nil), branch...)
 		branch = append(branch, sops.TreeItem{
-			Key:   "sops",
+			Key:   stores.SopsMetadataKey,
 			Value: stores.MetadataFromInternal(in.Metadata),
 		})
 		// Marshal branch to global mapping node