Skip to content

Latest commit

 

History

History
47 lines (38 loc) · 2.06 KB

README.org

File metadata and controls

47 lines (38 loc) · 2.06 KB

sops: SOPS encrypt and decrypt without leaving the editor.

To learn more about Secret OPerationS: https://github.com/getsops/sops

Installation

By enabling global-sops-mode, sops-mode will try to enable itself automatically when we enter a SOPS encrypted file. When you see that sops is enabled you can use sops-edit-file to decrypt the file. After modifications have been made you can save with sops-save-file or discard modifications with sops-cancel.

elpaca + use-package

(defun sops-setup-env ()
  "Set environment variable for SOPS"
  (when (string-match "arn:aws:kms.*:\\([[:digit:]]+\\):" (buffer-string))
    (pcase (match-string-no-properties 1 (buffer-string))
      ("111111111111" (setenv "AWS_PROFILE" "dev"))
      ("222222222222" (setenv "AWS_PROFILE" "stage"))
      ("333333333333" (setenv "AWS_PROFILE" "prod"))
      (x (message "No matching AWS Profile for %s" x)))))

(use-package sops
  :ensure (:type git :host github :repo "djgoku/sops")
  :bind (("C-c C-c" . sops-save-file)
         ("C-c C-k" . sops-cancel)
         ("C-c C-d" . sops-edit-file))
  :init
  (setq sops-before-encrypt-decrypt-hook 'sops-setup-env)
  (global-sops-mode 1))

Custom Variables

VariableDescription
sops-executablePath to SOPS executable. Defaults to sops
sops-decrypt-argsSOPS decrypt arguments. Defaults to `("-d")
sops-before-encrypt-decrypt-hookRun function before encrypting or decrypting. Defaults to nil

Future

  • Add a variable to auto-decrypt when we enter an encrypted file when `global-sops-mode` is enabled.
  • Create new SOPS encrypted files via sops-mode.
  • If we fail to encrypt (sops < 3.9), we need to revert changes to original-file to encrypted state and switch back to decrypted buffer.
    • We should also show the error buffer too.