* Add vault/api to vendor/
* Adds support for sops publish-ing to Vault
* Adds support for publishing secrets (unencrypted) to Vault
* Adds a new EmitAsMap for TreeBanches
* Adds documentation about sops publish-ing to Vault
* Initial integration/functional test for publishing to vault
* Implement auditing support
* Document auditing
* Address review comments
* Change log level for errors reading audit config
* Disable auditors during tests
* Make changes to docs suggested by @jvehent
* Code review fixes to init() in audit.go
* Implement encrypt audit event
* Include filepath in Tree created from sops/encrypt/encrypt
* Fix changes in audit.go to stay with current style
* Implement RotateEvent within rotate command
* github.com/lib/pq vendor dependencies
* Always get current user in PostgresAuditor.Handle()
* Initial CR fixes + gofmt
* gofmt
* fixed placement of audit event in rotate()
* Moved to a single table for audit events.
* Revert "Moved to a single table for audit events."
This reverts commit 7e7817e8a1.
* Remove audit tables delete protection rules
* Move to a single audit_event table with action column
* Remove unnecessary tree declaration
* Refactor Store interface to reflect operations SOPS performs
Previously the Store interface tried to mimic the Marshaler and Unmarshaler
interfaces. This was a mistake, as it meant Stores had no idea whether the files they
were loading were encrypted or not.
Partially fixes #334
* Add regression test for loading plain JSON file with binary store
functions
While the path inside the tree is commonly used as additional data for
AES ciphers, this is not always the case, so the generic name is better.
This happened when there's multiple master keys inside a single key
group. SOPS would decrypt the data key with every single key in the
group, when only one is needed. This meant that multiple "parts" are
found, so because SOPS encountered != 1 part without using Shamir, it
errored out.
This happened when there's multiple master keys inside a single key
group. SOPS would decrypt the data key with every single key in the
group, when only one is needed. This meant that multiple "parts" are
found, so because SOPS encountered != 1 part without using Shamir, it
errored out.
**IMPORTANT** This breaks compatibility of the file format in 1.x for
json files, due to the version being encoded as a number in json files.
The fix for this is easy, however. One can either use a previous version
of sops in the range [2.0.0, 2.0.9] to edit the file, or one can manually edit
the encrypted file and change the version from a number to a string
Previously we basically hand-converted the metadata struct into a map
which we then passed to the stores. Now, we convert the metadata struct
to a "serialization" struct, which the stores serialize
