diff --git a/README.rst b/README.rst index 3908a99bc..e2b31358e 100644 --- a/README.rst +++ b/README.rst @@ -292,12 +292,11 @@ Let's take an example: * file named **something.dev.yaml** should use one set of KMS A * file named **something.prod.yaml** should use another set of KMS B -* all other files use a third set of KMS C -* All live under **mysecretrepo/something.{dev,prod}.yaml** +* other files use a third set of KMS C +* all live under **mysecretrepo/something.{dev,prod}.yaml** -Under those circumstances, a configuration file placed at -**mysecretrepo/.sops.yaml** can drive the two sets of KMS used for the two types -of files. +Under those circumstances, a file placed at **mysecretrepo/.sops.yaml** +can manage the three sets of configurations for the three types of files: .. code:: yaml @@ -323,7 +322,7 @@ of files. When creating any file under **mysecretrepo**, whether at the root or under a subdirectory, sops will recursively look for a `.sops.yaml` file. If one is found, the filename of the file being created is compared with the filename -patterns of the configuration file. The first pattern that matches is selected, +regexes of the configuration file. The first regex that matches is selected, and its KMS and PGP keys are used to encrypt the file. Creating a new file with the right keys is now as simple as diff --git a/sops/__init__.py b/sops/__init__.py index dc5dadb87..eb6b27e6d 100644 --- a/sops/__init__.py +++ b/sops/__init__.py 
@@ -473,10 +473,16 @@ def find_config_for_file(filename, configloc):
 # when we find a file, exit the loop
 configloc = (i * "../") + DEFAULT_CONFIG_FILE
 break
+ if not configloc:
+ # no configuration was found
+ return None
 # load the config file as yaml and look for creation rules that
 # contain a regex that matches the current filename
- with open(configloc, "rb") as filedesc:
- config = ruamel.yaml.load(filedesc, ruamel.yaml.RoundTripLoader)
+ try:
+ with open(configloc, "rb") as filedesc:
+ config = ruamel.yaml.load(filedesc, ruamel.yaml.RoundTripLoader)
+ except IOError:
+ panic("no configuration file found at '%s'" % configloc, 61)
 if 'creation_rules' not in config:
 return None
 for rule in config["creation_rules"]:
@@ -526,9 +532,9 @@ def verify_or_create_sops_branch(tree, kms_arns=None, pgp_fps=None):
 # we need a new data key
 has_at_least_one_method = False
 need_new_data_key = True
- if kms_arns != "":
+ if kms_arns:
 tree, has_at_least_one_method = parse_kms_arn(tree, kms_arns)
- if pgp_fps != "":
+ if pgp_fps:
 tree, has_at_least_one_method = parse_pgp_fp(tree, pgp_fps)
 if not has_at_least_one_method:
 panic("Error: No KMS ARN or PGP Fingerprint found to encrypt the data "
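Review bot: An empty or comment-only `.sops.yaml` makes `ruamel.yaml.load` return `None`, so the unchanged `if 'creation_rules' not in config:` line right after the new try/except raises `TypeError` instead of returning `None`; the guard should read `if not config or 'creation_rules' not in config:`. The new handler also catches only `IOError`, so a malformed file still surfaces as an uncaught parser exception, and a permission error is reported as "no configuration file found". That message is misleading when someone is working out why the expected KMS/PGP creation rule was not applied, so including the underlying exception text in the panic message would help. find_config_for_file starts and ends outside the hunk.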
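Review bot: Both branches assign to the same `has_at_least_one_method`, so when `kms_arns` and `pgp_fps` are both set, the value returned by `parse_pgp_fp` replaces the one returned by `parse_kms_arn`. If `parse_pgp_fp` can return a false value for a non-empty but unusable fingerprint list (its body is not visible here), a valid KMS entry is forgotten and the function panics with "No KMS ARN or PGP Fingerprint found". Keeping the results separate avoids that: `tree, has_pgp = parse_pgp_fp(tree, pgp_fps)` followed by `has_at_least_one_method = has_at_least_one_method or has_pgp`. The body of verify_or_create_sops_branch starts and ends outside the hunk.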