Upgrade sops to go 1.13 (#566)

2026-02-05 12:45:21 +01:00 · 2019-11-18 10:06:58 -08:00
parent 00ded41207
commit 8e21de8dbc
43 changed files with 179 additions and 170 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -3,7 +3,7 @@ jobs:
  build:
    working_directory: /go/src/go.mozilla.org/sops
    docker:
-      - image: circleci/golang:1.12
+      - image: circleci/golang:1.13
    steps:
      - checkout
      - setup_remote_docker
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +1,5 @@
 language: go
-go: 1.12
+go: 1.13
 go_import_path: go.mozilla.org/sops/
 env:
@@ -21,6 +21,7 @@ before_install:
 before_script:
  - vault server -dev -dev-root-token-id="$VAULT_TOKEN" &
  - sleep 5
  - vault secrets enable -version=1 kv
 script:
@@ -37,7 +38,7 @@ before_deploy:
  - GOOS=linux CGO_ENABLED=0 GO111MODULE=on go build -mod vendor -o dist/sops-${TRAVIS_TAG}.linux go.mozilla.org/sops/cmd/sops
  - |
      if [ ! -z "$TRAVIS_TAG" ]; then
-        version="$(grep '^const Version' version/version.go |cut -d '"' -f 2)"
+        version="v$(grep '^const Version' version/version.go |cut -d '"' -f 2)"
        if [ "$version" != "$TRAVIS_TAG" ]; then
            echo "Git tag $TRAVIS_TAG does not match version $version, update the source!"
            exit 1
--- a/6
+++ b/6
@@ -10,7 +10,7 @@ all: test vet generate install functional-tests
 origin-build: test vet generate install functional-tests-all
 install:
-	$(GO) install go.mozilla.org/sops/cmd/sops
+	$(GO) install go.mozilla.org/sops/v3/cmd/sops
 tag: all
 	git tag -s $(TAGVER) -a -m "$(TAGMSG)"
@@ -39,13 +39,13 @@ generate: keyservice/keyservice.pb.go
 	protoc --go_out=plugins=grpc:. $<
 functional-tests:
-	$(GO) build -o functional-tests/sops go.mozilla.org/sops/cmd/sops
+	$(GO) build -o functional-tests/sops go.mozilla.org/sops/v3/cmd/sops
 	cd functional-tests && cargo test
 # Ignored tests are ones that require external services (e.g. AWS KMS)
 # 	TODO: Once `--include-ignored` lands in rust stable, switch to that.
 functional-tests-all:
-	$(GO) build -o functional-tests/sops go.mozilla.org/sops/cmd/sops
+	$(GO) build -o functional-tests/sops go.mozilla.org/sops/v3/cmd/sops
 	cd functional-tests && cargo test && cargo test -- --ignored
 deb-pkg: install
--- a/README.rst
+++ b/README.rst
@@ -28,12 +28,12 @@ For the adventurous, unstable features are available in the `develop` branch, wh
 .. code:: bash
-	$ go get -u go.mozilla.org/sops/cmd/sops
+	$ go get -u go.mozilla.org/sops/v3/cmd/sops
        $ cd $GOPATH/src/go.mozilla.org/sops/
        $ git checkout develop
        $ make install
-(requires Go >= 1.12)
+(requires Go >= 1.13)
 If you don't have Go installed, set it up with:
--- a/aes/cipher.go
+++ b/aes/cipher.go
@@ -1,7 +1,7 @@
 /*
 Package aes defines a Cipher that uses 256-bit AES-GCM authenticated encryption to encrypt values the SOPS tree.
 */
-package aes //import "go.mozilla.org/sops/aes"
+package aes //import "go.mozilla.org/sops/v3/aes"
 import (
 	cryptoaes "crypto/aes"
@@ -14,8 +14,8 @@ import (
 	"strings"
 	"github.com/sirupsen/logrus"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 )
 var log *logrus.Logger
--- a/aes/cipher_test.go
+++ b/aes/cipher_test.go
@@ -7,7 +7,7 @@ import (
 	"testing/quick"
 	"github.com/stretchr/testify/assert"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
 )
 func TestDecrypt(t *testing.T) {
--- a/audit/audit.go
+++ b/audit/audit.go
@@ -12,9 +12,9 @@ import (
 	// empty import as per https://godoc.org/github.com/lib/pq
 	_ "github.com/lib/pq"
 	"github.com/mozilla-services/yaml"
 	"github.com/sirupsen/logrus"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 	"gopkg.in/yaml.v2"
 )
 var log *logrus.Logger
--- a/azkv/keysource.go
+++ b/azkv/keysource.go
@@ -1,8 +1,8 @@
 /*
-Package azkv contains an implementation of the go.mozilla.org/sops/keys.MasterKey interface that encrypts and decrypts the
+Package azkv contains an implementation of the go.mozilla.org/sops/v3/keys.MasterKey interface that encrypts and decrypts the
 data key using Azure Key Vault with the Azure Go SDK.
 */
-package azkv //import "go.mozilla.org/sops/azkv"
+package azkv //import "go.mozilla.org/sops/v3/azkv"
 import (
 	"context"
@@ -14,7 +14,7 @@ import (
 	"strings"
 	"time"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 	"github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault"
 	"github.com/Azure/go-autorest/autorest"
--- a/cmd/sops/common/common.go
+++ b/cmd/sops/common/common.go
@@ -9,17 +9,17 @@ import (
 	"github.com/fatih/color"
 	wordwrap "github.com/mitchellh/go-wordwrap"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	. "go.mozilla.org/sops/cmd/sops/formats"
+	. "go.mozilla.org/sops/v3/cmd/sops/formats"
-	"go.mozilla.org/sops/keys"
+	"go.mozilla.org/sops/v3/keys"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/kms"
+	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/stores/dotenv"
+	"go.mozilla.org/sops/v3/stores/dotenv"
-	"go.mozilla.org/sops/stores/ini"
+	"go.mozilla.org/sops/v3/stores/ini"
-	"go.mozilla.org/sops/stores/json"
+	"go.mozilla.org/sops/v3/stores/json"
-	"go.mozilla.org/sops/stores/yaml"
+	"go.mozilla.org/sops/v3/stores/yaml"
-	"go.mozilla.org/sops/version"
+	"go.mozilla.org/sops/v3/version"
 	"golang.org/x/crypto/ssh/terminal"
 	"gopkg.in/urfave/cli.v1"
 )
--- a/cmd/sops/decrypt.go
+++ b/cmd/sops/decrypt.go
@@ -3,10 +3,10 @@ package main
 import (
 	"fmt"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
 )
 type decryptOpts struct {
--- a/cmd/sops/edit.go
+++ b/cmd/sops/edit.go
@@ -16,11 +16,11 @@ import (
 	"path/filepath"
 	"github.com/google/shlex"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/version"
+	"go.mozilla.org/sops/v3/version"
 )
 type editOpts struct {
--- a/cmd/sops/encrypt.go
+++ b/cmd/sops/encrypt.go
@@ -7,11 +7,11 @@ import (
 	"fmt"
 	wordwrap "github.com/mitchellh/go-wordwrap"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/version"
+	"go.mozilla.org/sops/v3/version"
 )
 type encryptOpts struct {
--- a/cmd/sops/main.go
+++ b/cmd/sops/main.go
@@ -1,4 +1,4 @@
-package main //import "go.mozilla.org/sops/cmd/sops"
+package main //import "go.mozilla.org/sops/v3/cmd/sops"
 import (
 	encodingjson "encoding/json"
@@ -13,27 +13,27 @@ import (
 	"time"
 	"github.com/sirupsen/logrus"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/aes"
+	"go.mozilla.org/sops/v3/aes"
-	_ "go.mozilla.org/sops/audit"
+	_ "go.mozilla.org/sops/v3/audit"
-	"go.mozilla.org/sops/azkv"
+	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/cmd/sops/subcommand/exec"
+	"go.mozilla.org/sops/v3/cmd/sops/subcommand/exec"
-	"go.mozilla.org/sops/cmd/sops/subcommand/groups"
+	"go.mozilla.org/sops/v3/cmd/sops/subcommand/groups"
-	keyservicecmd "go.mozilla.org/sops/cmd/sops/subcommand/keyservice"
+	keyservicecmd "go.mozilla.org/sops/v3/cmd/sops/subcommand/keyservice"
-	publishcmd "go.mozilla.org/sops/cmd/sops/subcommand/publish"
+	publishcmd "go.mozilla.org/sops/v3/cmd/sops/subcommand/publish"
-	"go.mozilla.org/sops/cmd/sops/subcommand/updatekeys"
+	"go.mozilla.org/sops/v3/cmd/sops/subcommand/updatekeys"
-	"go.mozilla.org/sops/config"
+	"go.mozilla.org/sops/v3/config"
-	"go.mozilla.org/sops/gcpkms"
+	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/keys"
+	"go.mozilla.org/sops/v3/keys"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/kms"
+	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
-	"go.mozilla.org/sops/pgp"
+	"go.mozilla.org/sops/v3/pgp"
-	"go.mozilla.org/sops/stores/dotenv"
+	"go.mozilla.org/sops/v3/stores/dotenv"
-	"go.mozilla.org/sops/stores/json"
+	"go.mozilla.org/sops/v3/stores/json"
-	"go.mozilla.org/sops/version"
+	"go.mozilla.org/sops/v3/version"
 	"google.golang.org/grpc"
 	"gopkg.in/urfave/cli.v1"
 )
--- a/cmd/sops/rotate.go
+++ b/cmd/sops/rotate.go
@@ -3,12 +3,12 @@ package main
 import (
 	"fmt"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/audit"
+	"go.mozilla.org/sops/v3/audit"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/keys"
+	"go.mozilla.org/sops/v3/keys"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
 )
 type rotateOpts struct {
--- a/cmd/sops/set.go
+++ b/cmd/sops/set.go
@@ -3,10 +3,10 @@ package main
 import (
 	"fmt"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
 )
 type setOpts struct {
--- a/cmd/sops/subcommand/exec/exec.go
+++ b/cmd/sops/subcommand/exec/exec.go
@@ -7,7 +7,7 @@ import (
 	"runtime"
 	"strings"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 	"github.com/sirupsen/logrus"
 )
--- a/cmd/sops/subcommand/groups/add.go
+++ b/cmd/sops/subcommand/groups/add.go
@@ -3,9 +3,9 @@ package groups
 import (
 	"os"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
 )
 // AddOpts are the options for adding a key group to a SOPS file
--- a/cmd/sops/subcommand/groups/delete.go
+++ b/cmd/sops/subcommand/groups/delete.go
@@ -5,9 +5,9 @@ import (
 	"fmt"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
 )
 // DeleteOpts are the options for deleting a key group from a SOPS file
--- a/cmd/sops/subcommand/keyservice/keyservice.go
+++ b/cmd/sops/subcommand/keyservice/keyservice.go
@@ -6,8 +6,8 @@ import (
 	"os/signal"
 	"syscall"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
--- a/cmd/sops/subcommand/publish/publish.go
+++ b/cmd/sops/subcommand/publish/publish.go
@@ -7,14 +7,14 @@ import (
 	"os"
 	"path/filepath"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/config"
+	"go.mozilla.org/sops/v3/config"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
-	"go.mozilla.org/sops/publish"
+	"go.mozilla.org/sops/v3/publish"
-	"go.mozilla.org/sops/version"
+	"go.mozilla.org/sops/v3/version"
 	"github.com/sirupsen/logrus"
 )
--- a/cmd/sops/subcommand/updatekeys/updatekeys.go
+++ b/cmd/sops/subcommand/updatekeys/updatekeys.go
@@ -6,10 +6,10 @@ import (
 	"os"
 	"path/filepath"
-	"go.mozilla.org/sops/cmd/sops/codes"
+	"go.mozilla.org/sops/v3/cmd/sops/codes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	"go.mozilla.org/sops/config"
+	"go.mozilla.org/sops/v3/config"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
 )
 // Opts represents key operation options and config
--- a/config/config.go
+++ b/config/config.go
@@ -1,7 +1,7 @@
 /*
 Package config provides a way to find and load SOPS configuration files
 */
-package config //import "go.mozilla.org/sops/config"
+package config //import "go.mozilla.org/sops/v3/config"
 import (
 	"fmt"
@@ -12,13 +12,13 @@ import (
 	"github.com/mozilla-services/yaml"
 	"github.com/sirupsen/logrus"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/azkv"
+	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/gcpkms"
+	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/kms"
+	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
-	"go.mozilla.org/sops/pgp"
+	"go.mozilla.org/sops/v3/pgp"
-	"go.mozilla.org/sops/publish"
+	"go.mozilla.org/sops/v3/publish"
 )
 var log *logrus.Logger
--- a/decrypt/decrypt.go
+++ b/decrypt/decrypt.go
@@ -2,16 +2,16 @@
 Package decrypt is the external API other Go programs can use to decrypt SOPS files. It is the only package in SOPS with
 a stable API.
 */
-package decrypt // import "go.mozilla.org/sops/decrypt"
+package decrypt // import "go.mozilla.org/sops/v3/decrypt"
 import (
 	"fmt"
 	"io/ioutil"
 	"time"
-	"go.mozilla.org/sops/aes"
+	"go.mozilla.org/sops/v3/aes"
-	"go.mozilla.org/sops/cmd/sops/common"
+	"go.mozilla.org/sops/v3/cmd/sops/common"
-	. "go.mozilla.org/sops/cmd/sops/formats" // Re-export
+	. "go.mozilla.org/sops/v3/cmd/sops/formats" // Re-export
 )
 // File is a wrapper around Data that reads a local encrypted
--- a/decrypt/example_test.go
+++ b/decrypt/example_test.go
@@ -3,7 +3,7 @@ package decrypt
 import (
 	"encoding/json"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 	"github.com/sirupsen/logrus"
 )
--- a/gcpkms/keysource.go
+++ b/gcpkms/keysource.go
@@ -1,4 +1,4 @@
-package gcpkms //import "go.mozilla.org/sops/gcpkms"
+package gcpkms //import "go.mozilla.org/sops/v3/gcpkms"
 import (
 	"encoding/base64"
@@ -7,7 +7,7 @@ import (
 	"strings"
 	"time"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 	"golang.org/x/net/context"
 	"golang.org/x/oauth2/google"
--- a/go.mod
+++ b/go.mod
@@ -1,14 +1,14 @@
-module go.mozilla.org/sops
+module go.mozilla.org/sops/v3
-go 1.12
+go 1.13
 require (
 	cloud.google.com/go v0.43.0
 	github.com/Azure/azure-sdk-for-go v31.2.0+incompatible
-	github.com/Azure/go-autorest/autorest v0.5.0
+	github.com/Azure/go-autorest/autorest v0.9.0
 	github.com/Azure/go-autorest/autorest/azure/auth v0.1.0
-	github.com/Azure/go-autorest/autorest/to v0.2.0 // indirect
+	github.com/Azure/go-autorest/autorest/to v0.3.0 // indirect
-	github.com/Azure/go-autorest/autorest/validation v0.1.0 // indirect
+	github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
 	github.com/aws/aws-sdk-go v1.23.13
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/fatih/color v1.7.0
@@ -19,7 +19,7 @@ require (
 	github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c
 	github.com/lib/pq v1.2.0
 	github.com/mitchellh/go-wordwrap v1.0.0
-	github.com/mozilla-services/yaml v0.0.0-20180922153656-28ffe5d0cafb
+	github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c
 	github.com/pkg/errors v0.8.1
 	github.com/sirupsen/logrus v1.4.2
 	github.com/smartystreets/goconvey v0.0.0-20190710185942-9d28bd7c0945 // indirect
@@ -32,5 +32,4 @@ require (
 	google.golang.org/grpc v1.22.1
 	gopkg.in/ini.v1 v1.44.0
 	gopkg.in/urfave/cli.v1 v1.20.0
 	gopkg.in/yaml.v2 v2.2.2
 )
--- a/go.sum
+++ b/go.sum
@@ -7,12 +7,18 @@ contrib.go.opencensus.io/exporter/ocagent v0.4.12 h1:jGFvw3l57ViIVEPKKEUXPcLYIXJ
 contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA=
 github.com/Azure/azure-sdk-for-go v31.2.0+incompatible h1:kZFnTLmdQYNGfakatSivKHUfUnDZhqNdchHD4oIhp5k=
 github.com/Azure/azure-sdk-for-go v31.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
 github.com/Azure/go-autorest v13.3.0+incompatible h1:8Ix0VdeOllBx9jEcZ2Wb1uqWUpE1awmJiaHztwaJCPk=
 github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg=
 github.com/Azure/go-autorest/autorest v0.5.0 h1:Mlm9qy2fpQ9MvfyI41G2Zf5B4CsgjjNbLOWszfK6KrY=
 github.com/Azure/go-autorest/autorest v0.5.0/go.mod h1:9HLKlQjVBH6U3oDfsXOeVc56THsLPw1L03yban4xThw=
 github.com/Azure/go-autorest/autorest v0.9.0 h1:MRvx8gncNaXJqOoLmhNjUAKh33JJF8LyxPhomEtOsjs=
 github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI=
 github.com/Azure/go-autorest/autorest v0.9.2 h1:6AWuh3uWrsZJcNoCHrCF/+g4aKPCU39kaMO6/qrnK/4=
 github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E=
 github.com/Azure/go-autorest/autorest/adal v0.2.0 h1:7IBDu1jgh+ADHXnEYExkV9RE/ztOOlxdACkkPRthGKw=
 github.com/Azure/go-autorest/autorest/adal v0.2.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E=
 github.com/Azure/go-autorest/autorest/adal v0.5.0 h1:q2gDruN08/guU9vAjuPWff0+QIrpH6ediguzdAzXAUU=
 github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0=
 github.com/Azure/go-autorest/autorest/azure/auth v0.1.0 h1:YgO/vSnJEc76NLw2ecIXvXa8bDWiqf1pOJzARAoZsYU=
 github.com/Azure/go-autorest/autorest/azure/auth v0.1.0/go.mod h1:Gf7/i2FUpyb/sGBLIFxTBzrNzBo7aPXXE3ZVeDRwdpM=
 github.com/Azure/go-autorest/autorest/azure/cli v0.1.0 h1:YTtBrcb6mhA+PoSW8WxFDoIIyjp13XqJeX80ssQtri4=
@@ -21,14 +27,21 @@ github.com/Azure/go-autorest/autorest/date v0.1.0 h1:YGrhWfrgtFs84+h0o46rJrlmsZt
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
 github.com/Azure/go-autorest/autorest/mocks v0.1.0 h1:Kx+AUU2Te+A3JIyYn6Dfs+cFgx5XorQKuIXrZGoq/SI=
 github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/to v0.2.0 h1:nQOZzFCudTh+TvquAtCRjM01VEYx85e9qbwt5ncW4L8=
 github.com/Azure/go-autorest/autorest/to v0.2.0/go.mod h1:GunWKJp1AEqgMaGLV+iocmRAJWqST1wQYhyyjXJ3SJc=
 github.com/Azure/go-autorest/autorest/to v0.3.0 h1:zebkZaadz7+wIQYgC7GXaz3Wb28yKYfVkkBKwc38VF8=
 github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
 github.com/Azure/go-autorest/autorest/validation v0.1.0 h1:ISSNzGUh+ZSzizJWOWzs8bwpXIePbGLW4z/AmUFGH5A=
 github.com/Azure/go-autorest/autorest/validation v0.1.0/go.mod h1:Ha3z/SqBeaalWQvokg3NZAlQTalVMtOIAs1aGK7G6u8=
 github.com/Azure/go-autorest/autorest/validation v0.2.0 h1:15vMO4y76dehZSq7pAaOLQxC6dZYsSrj2GQpflyM/L4=
 github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI=
 github.com/Azure/go-autorest/logger v0.1.0 h1:ruG4BSDXONFRrZZJ2GUXDiUyVpayPmb1GnWeHDdaNKY=
 github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc=
 github.com/Azure/go-autorest/tracing v0.1.0 h1:TRBxC5Pj/fIuh4Qob0ZpkggbfT8RC0SubHbpV3p4/Vc=
 github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88=
 github.com/Azure/go-autorest/tracing v0.5.0 h1:TRn4WjSnkcSy5AEG3pnbtFSwNtwzjr4VYyQflFE619k=
 github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
@@ -38,8 +51,6 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/aws/aws-sdk-go v1.21.6 h1:3GuIm55Uls52aQIDGBnSEZbk073jpasfQyeM5eZU61Q=
 github.com/aws/aws-sdk-go v1.21.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.23.13 h1:l/NG+mgQFRGG3dsFzEj0jw9JIs/zYdtU6MXhY1WIDmM=
 github.com/aws/aws-sdk-go v1.23.13/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
@@ -172,8 +183,8 @@ github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUb
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
-github.com/mozilla-services/yaml v0.0.0-20180922153656-28ffe5d0cafb h1:wj4n5+b4t84Qze8N/n0PKpaBTlbA7g7nTYG01h16mh0=
+github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c h1:yE1NxRAZA3wF0laDWECtOe2J0tFjSHUI6MXXbMif+QY=
-github.com/mozilla-services/yaml v0.0.0-20180922153656-28ffe5d0cafb/go.mod h1:Is/Ucts/yU/mWyGR8yELRoO46mejouKsJfQLAIfTR18=
+github.com/mozilla-services/yaml v0.0.0-20191106225358-5c216288813c/go.mod h1:Is/Ucts/yU/mWyGR8yELRoO46mejouKsJfQLAIfTR18=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -343,8 +354,6 @@ gopkg.in/urfave/cli.v1 v1.20.0 h1:NdAVW6RYxDif9DhDHaAortIu956m2c0v+09AZBPTbE0=
 gopkg.in/urfave/cli.v1 v1.20.0/go.mod h1:vuBzUtMdQeixQj8LVd+/98pzhxNGQoyuPBlsXHOQNO0=
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
--- a/keyservice/keyservice.go
+++ b/keyservice/keyservice.go
@@ -7,11 +7,11 @@ package keyservice
 import (
 	"fmt"
-	"go.mozilla.org/sops/azkv"
+	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/gcpkms"
+	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/keys"
+	"go.mozilla.org/sops/v3/keys"
-	"go.mozilla.org/sops/kms"
+	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/pgp"
+	"go.mozilla.org/sops/v3/pgp"
 )
 // KeyFromMasterKey converts a SOPS internal MasterKey to an RPC Key that can be serialized with Protocol Buffers
--- a/keyservice/server.go
+++ b/keyservice/server.go
@@ -3,10 +3,10 @@ package keyservice
 import (
 	"fmt"
-	"go.mozilla.org/sops/azkv"
+	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/gcpkms"
+	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/kms"
+	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/pgp"
+	"go.mozilla.org/sops/v3/pgp"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
--- a/kms/keysource.go
+++ b/kms/keysource.go
@@ -1,8 +1,8 @@
 /*
-Package kms contains an implementation of the go.mozilla.org/sops.MasterKey interface that encrypts and decrypts the
+Package kms contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the
 data key using AWS KMS with the AWS Go SDK.
 */
-package kms //import "go.mozilla.org/sops/kms"
+package kms //import "go.mozilla.org/sops/v3/kms"
 import (
 	"encoding/base64"
@@ -12,7 +12,7 @@ import (
 	"strings"
 	"time"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
--- a/kms/keysource_test.go
+++ b/kms/keysource_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/aws/aws-sdk-go/service/kms"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
-	"go.mozilla.org/sops/kms/mocks"
+	"go.mozilla.org/sops/v3/kms/mocks"
 )
 func TestKMS(t *testing.T) {
--- a/pgp/keysource.go
+++ b/pgp/keysource.go
@@ -1,8 +1,8 @@
 /*
-Package pgp contains an implementation of the go.mozilla.org/sops.MasterKey interface that encrypts and decrypts the
+Package pgp contains an implementation of the go.mozilla.org/sops/v3.MasterKey interface that encrypts and decrypts the
 data key by first trying with the golang.org/x/crypto/openpgp package and if that fails, by calling the "gpg" binary.
 */
-package pgp //import "go.mozilla.org/sops/pgp"
+package pgp //import "go.mozilla.org/sops/v3/pgp"
 import (
 	"bytes"
@@ -21,7 +21,7 @@ import (
 	"github.com/howeyc/gopass"
 	"github.com/sirupsen/logrus"
 	gpgagent "go.mozilla.org/gopgagent"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
 	"golang.org/x/crypto/openpgp"
 	"golang.org/x/crypto/openpgp/armor"
 )
--- a/sops.go
+++ b/sops.go
@@ -2,10 +2,10 @@
 Package sops manages JSON, YAML and BINARY documents to be encrypted or decrypted.
 This package should not be used directly. Instead, Sops users should install the
-command line client via `go get -u go.mozilla.org/sops/cmd/sops`, or use the
+command line client via `go get -u go.mozilla.org/sops/v3/cmd/sops`, or use the
-decryption helper provided at `go.mozilla.org/sops/decrypt`.
+decryption helper provided at `go.mozilla.org/sops/v3/decrypt`.
-We do not guarantee API stability for any package other than `go.mozilla.org/sops/decrypt`.
+We do not guarantee API stability for any package other than `go.mozilla.org/sops/v3/decrypt`.
 A Sops document is a Tree composed of a data branch with arbitrary key/value pairs
 and a metadata branch with encryption and integrity information.
@@ -34,7 +34,7 @@ be recalculated and compared with the MAC stored in the document to verify that
 fraudulent changes have been applied. The MAC covers keys and values as well as their
 ordering.
 */
-package sops //import "go.mozilla.org/sops"
+package sops //import "go.mozilla.org/sops/v3"
 import (
 	"crypto/rand"
@@ -47,11 +47,11 @@ import (
 	"time"
 	"github.com/sirupsen/logrus"
-	"go.mozilla.org/sops/audit"
+	"go.mozilla.org/sops/v3/audit"
-	"go.mozilla.org/sops/keys"
+	"go.mozilla.org/sops/v3/keys"
-	"go.mozilla.org/sops/keyservice"
+	"go.mozilla.org/sops/v3/keyservice"
-	"go.mozilla.org/sops/logging"
+	"go.mozilla.org/sops/v3/logging"
-	"go.mozilla.org/sops/shamir"
+	"go.mozilla.org/sops/v3/shamir"
 	"golang.org/x/net/context"
 )
--- a/stores/dotenv/store.go
+++ b/stores/dotenv/store.go
@@ -1,4 +1,4 @@
-package dotenv //import "go.mozilla.org/sops/stores/dotenv"
+package dotenv //import "go.mozilla.org/sops/v3/stores/dotenv"
 import (
 	"bytes"
@@ -6,8 +6,8 @@ import (
 	"fmt"
 	"strings"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/stores"
+	"go.mozilla.org/sops/v3/stores"
 )
 // SopsPrefix is the prefix for all metadatada entry keys
--- a/stores/dotenv/store_test.go
+++ b/stores/dotenv/store_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 	"github.com/stretchr/testify/assert"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
 )
 var PLAIN = []byte(strings.TrimLeft(`
--- a/stores/ini/store.go
+++ b/stores/ini/store.go
@@ -1,4 +1,4 @@
-package ini //import "go.mozilla.org/sops/stores/ini"
+package ini //import "go.mozilla.org/sops/v3/stores/ini"
 import (
 	"bytes"
@@ -9,8 +9,8 @@ import (
 	"strconv"
 	"strings"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/stores"
+	"go.mozilla.org/sops/v3/stores"
 	"gopkg.in/ini.v1"
 )
--- a/stores/ini/store_test.go
+++ b/stores/ini/store_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 	"github.com/stretchr/testify/assert"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
 )
 func TestDecodeIni(t *testing.T) {
--- a/stores/json/store.go
+++ b/stores/json/store.go
@@ -1,4 +1,4 @@
-package json //import "go.mozilla.org/sops/stores/json"
+package json //import "go.mozilla.org/sops/v3/stores/json"
 import (
 	"bytes"
@@ -6,8 +6,8 @@ import (
 	"fmt"
 	"io"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/stores"
+	"go.mozilla.org/sops/v3/stores"
 )
 // Store handles storage of JSON data.
--- a/stores/json/store_test.go
+++ b/stores/json/store_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 	"github.com/stretchr/testify/assert"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
 )
 func TestDecodeJSON(t *testing.T) {
--- a/stores/stores.go
+++ b/stores/stores.go
@@ -14,11 +14,11 @@ import (
 	"fmt"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/azkv"
+	"go.mozilla.org/sops/v3/azkv"
-	"go.mozilla.org/sops/gcpkms"
+	"go.mozilla.org/sops/v3/gcpkms"
-	"go.mozilla.org/sops/kms"
+	"go.mozilla.org/sops/v3/kms"
-	"go.mozilla.org/sops/pgp"
+	"go.mozilla.org/sops/v3/pgp"
 )
 // SopsFile is a struct used by the stores as a helper to unmarshal the SOPS metadata
--- a/stores/yaml/store.go
+++ b/stores/yaml/store.go
@@ -1,11 +1,11 @@
-package yaml //import "go.mozilla.org/sops/stores/yaml"
+package yaml //import "go.mozilla.org/sops/v3/stores/yaml"
 import (
 	"fmt"
 	"github.com/mozilla-services/yaml"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
-	"go.mozilla.org/sops/stores"
+	"go.mozilla.org/sops/v3/stores"
 )
 // Store handles storage of YAML data
--- a/stores/yaml/store_test.go
+++ b/stores/yaml/store_test.go
@@ -4,7 +4,7 @@ import (
 	"testing"
 	"github.com/stretchr/testify/assert"
-	"go.mozilla.org/sops"
+	"go.mozilla.org/sops/v3"
 )
 var PLAIN = []byte(`---
--- a/version/version.go
+++ b/version/version.go
@@ -25,7 +25,7 @@ func PrintVersion(c *cli.Context) {
 		out += fmt.Sprintf("\n[warning] failed to compare current version with latest: %v\n", err)
 	}
 	if outdated {
-		out += fmt.Sprintf("\n[info] sops %s is available, update with `go get -u go.mozilla.org/sops/cmd/sops`\n", upstreamVersion)
+		out += fmt.Sprintf("\n[info] sops %s is available, update with `go get -u go.mozilla.org/sops/v3/cmd/sops`\n", upstreamVersion)
 	} else {
 		out += " (latest)\n"
 	}