mirror of
https://github.com/getsops/sops.git
synced 2026-02-05 12:45:21 +01:00
This adds improvements to identity loading, extensive test coverage and a general tidying of bits of code.

The improvements are based on a fork of the age key source in the Flux project's kustomize-controller, which was built due to SOPS' limitations around identity management without relying on runtime environment variables.

- It introduces a `ParsedIdentity` type which contains a slice of age identities, and can be applied to the `MasterKey`. When applied, further loading of identities from the runtime environment is skipped for `Decrypt` operations. This is most useful when working with SOPS as an SDK, in combination with e.g. a local key service server implementation.
- The `Identity` field has been deprecated in the `MasterKey` struct. Presence of the field was misleading, as it is not actually used.
- Any detected identity reference is now loaded, instead of it assuming a priority order. This makes more sense, as age is able to work with a set of loaded identities. If no environment variables are defined, the existence of the keys.txt in the user's config directory is required.
- Decrypt logs have been added to match other key sources.
- Extensive test coverage.

Signed-off-by: Hidde Beydals <hello@hidde.co>