* Close tmpfile after writing
Windows will not allow for deletion of a file with an open handle;
close tmpfile after writing to prevent unencrypted tmpfiles outliving
the execution
* Update cmd/sops/edit.go
Co-authored-by: Adrian Utrilla <adrianutrilla@gmail.com>
* defer edited file close
Co-authored-by: Adrian Utrilla <adrianutrilla@gmail.com>
* Fix tests
* Fix endless loop in x/crypto/openpgp func ReadMessage
This fixes https://github.com/mozilla/sops/issues/665
See also https://github.com/golang/go/issues/28786
In some strange situations it can happen that openpgp.ReadMessage()
runs into an endless loop. This seems to be triggered by a slight
inconsistency in key settings.
It happened to me, but I wasn't able to reproduce it with a fresh key.
A proposed solution from the x/crypto community was to break this loop
in the callback passphrasePrompt.
* Revert "Fix tests"
This reverts commit 285f4dc8a1.
* Improve error description
https://github.com/mozilla/sops/pull/690#discussion_r451630193
"sops updatekeys" is not working the same as when encrypting a file. The
reason is that for "sops --encrypt", the file path is made absolute before
it is compared with the path_regex in the config file. This is not done for
"sops updatekeys", therefore it does not match the correct entry in the
config file when updating keys.
* update 'updatekeys' subcommand to use config (if exists) from commandline
* Fix #671: `updatekeys` checks for config file flag
The 'updatekeys' subcommand did not check for the config flag
in the command line. Add that check and if found use it to set configPath.
* Fix #671: `updatekeys` checks for config file flag
The 'updatekeys' subcommand did not check for the config global string flag.
Add that check and if found use it to set configPath.
* Fix #671: `updatekeys` checks for config file flag
The 'updatekeys' subcommand did not check for the config global string flag.
Add that check and if found use it to set configPath.
Edit: Remove mistake file addition
* Update cmd/sops/main.go
Co-authored-by: Adrian Utrilla <adrianutrilla@gmail.com>
* feat: initial adding of vault transit backend to sops
initial work on integration
feat(vault): added cli commands working for vault
fix(vault): fixed config with correct tests
fix(vault): added vault to keygroup and to keyservice server
fixed metadata load
* feat(docs): added docs in README.md and in command help
fix(doc): fix rst formatting
fix(doc): fix rst formatting
* fix(vault): addressed typos and fixes from autrilla
feat(cli): moved vault to hc-vault naming
* fix(test): typo while rebasing
* fix typos and improve error messages for vault kms
* rename package from vault to hcvault
* refactor vault keysource url validation
* add negative test cases for vault keysource
* add hc vault transit config option via objects
additional to URIs
* remove vault_example.yml
* streamline key name to snake case
* rename `BackendPath` to `EnginePath` for hc vault
* correction in hc-vault-transit commands
Signed-off-by: vnzongzna <github@vaibhavk.in>
* resolving conflict
Signed-off-by: vnzongzna <github@vaibhavk.in>
* Apply suggestions from code review
Co-Authored-By: Adrian Utrilla <adrianutrilla@gmail.com>
* allowing only hc_vault_transit_uri as input
Co-Authored-By: gitirabassi
Co-Authored-By: ldue
Signed-off-by: vnzongzna <github@vaibhavk.in>
Co-authored-by: gitirabassi <giacomo@tirabassi.eu>
Co-authored-by: ldue <larsduennwald@gmail.com>
Co-authored-by: Vaibhav Kaushik <vaibhavkaushik@vaibhavka-ltm1.internal.salesforce.com>
Co-authored-by: Adrian Utrilla <adrianutrilla@gmail.com>
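
The `path_regex` mismatch described in the `updatekeys` message above, as an added Go example (not sops code): a relative path given from inside a subdirectory falls through to a catch-all rule, while its absolute form selects the intended one. The `rule` type, `firstMatch`, `absFrom`, the rule list, the treatment of an empty pattern as a catch-all, and all paths are constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
)

// rule is a simplified stand-in for one config entry (hypothetical type).
type rule struct {
	pathRegex string // assumption: empty pattern acts as a catch-all
	keyGroup  string
}

// Constructed rule list: a prod-specific rule followed by a catch-all.
var sampleRules = []rule{
	{pathRegex: `/prod/.*\.yaml$`, keyGroup: "prod-keys"},
	{pathRegex: "", keyGroup: "default-keys"},
}

// firstMatch returns the key group of the first rule that matches path.
func firstMatch(rules []rule, path string) (string, error) {
	for _, r := range rules {
		if r.pathRegex == "" {
			return r.keyGroup, nil
		}
		ok, err := regexp.MatchString(r.pathRegex, path)
		if err != nil {
			return "", fmt.Errorf("bad path_regex %q: %w", r.pathRegex, err)
		}
		if ok {
			return r.keyGroup, nil
		}
	}
	return "", fmt.Errorf("no rule matches %q", path)
}

// absFrom resolves path against an explicit working directory, so the
// result is reproducible (filepath.Abs would use the process cwd).
func absFrom(cwd, path string) string {
	if filepath.IsAbs(path) {
		return filepath.Clean(path)
	}
	return filepath.Join(cwd, path)
}

func main() {
	cwd, arg := "/srv/repo/prod", "db.yaml" // constructed invocation
	rel, _ := firstMatch(sampleRules, arg)
	abs, _ := firstMatch(sampleRules, absFrom(cwd, arg))
	fmt.Printf("relative: %s\nabsolute: %s\n", rel, abs)
}
```

When both code paths normalize the path the same way before matching, encrypting and re-keying a file select the same rule and therefore the same key set.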