From d893aa148e92b0c9982ebdea45f719d4125aafef Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Sat, 27 Sep 2025 10:59:13 +0200
Subject: [PATCH] Do not put sensitive value into error message when the key
 can be printed as well.

Signed-off-by: Felix Fontein <felix@fontein.de>
---
 cmd/sops/main.go       | 2 +-
 stores/dotenv/store.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/sops/main.go b/cmd/sops/main.go
index f24606f1c..7f4b07a46 100644
--- a/cmd/sops/main.go
+++ b/cmd/sops/main.go
@@ -242,7 +242,7 @@ func main() {
 				var env []string
 				for _, item := range tree.Branches[0] {
 					if dotenv.IsComplexValue(item.Value) {
-						return cli.NewExitError(fmt.Errorf("cannot use complex value in environment: %s", item.Value), codes.ErrorGeneric)
+						return cli.NewExitError(fmt.Errorf("cannot use complex value in environment; key is %s", item.Key), codes.ErrorGeneric)
 					}
 					if _, ok := item.Key.(sops.Comment); ok {
 						continue
diff --git a/stores/dotenv/store.go b/stores/dotenv/store.go
index d42db65c0..d163b7ead 100644
--- a/stores/dotenv/store.go
+++ b/stores/dotenv/store.go
@@ -139,7 +139,7 @@ func (store *Store) EmitPlainFile(in sops.TreeBranches) ([]byte, error) {
 	buffer := bytes.Buffer{}
 	for _, item := range in[0] {
 		if IsComplexValue(item.Value) {
-			return nil, fmt.Errorf("cannot use complex value in dotenv file: %s", item.Value)
+			return nil, fmt.Errorf("cannot use complex value in dotenv file; key is %s", item.Key)
 		}
 		var line string
 		if comment, ok := item.Key.(sops.Comment); ok {