plugin does not decrypt an AWS KMS encrypted file #21

Closed
edkreepio opened this issue Mar 12, 2024 · 7 comments

@edkreepio

I am having some issues making it work as well. I have a sops-encrypted file called aws_credentials (no extension). I am using AWS KMS.

The content of aws_credentials looks like this:

{
	"data": "ENC[AES256_GCM,data:DATA_IN_BASE64_HERE,type:str]",
	"sops": {
		"kms": [
			{
				"arn": "arn:aws:kms:eu-central-1:MY_AWS_ACCOUNT_ID:key/MY_KEY_ID",
				"created_at": "2023-10-09T14:18:03Z",
				"enc": "ANOTHER_BASE64_ENC",
				"aws_profile": ""
			}
		],
		"gcp_kms": null,
		"azure_kv": null,
		"hc_vault": null,
		"age": null,
		"lastmodified": "2023-10-09T14:18:26Z",
		"mac": "ENC[AES256_GCM,data:BASE_64_MAC,type:str]",
		"pgp": null,
		"unencrypted_suffix": "_unencrypted",
		"version": "3.7.3"
	}
}

Running sops -d aws_credentials decrypts the file successfully!

$ sops --version                                              
sops 3.7.3

JetBrains Rider 2023.3.3
Build #RD-233.14015.60, built on January 19, 2024
Licensed to me
Subscription is active until October 25, 2024.
Runtime version: 17.0.9+7-b1087.11 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Linux 6.5.0-25-generic
.NET Core v7.0.10 x64 (Server GC)
GC: G1 Young Generation, G1 Old Generation
Memory: 2956M
Cores: 12
Registry:
editor.config.csharp.support=true
Non-Bundled Plugins:
com.github.daputzy.intellij-sops-plugin (1.5.1)
com.intellij.ml.llm (233.14015.147)
Current Desktop: ubuntu:GNOME

@DaPutzy
Owner

DaPutzy commented Mar 12, 2024

It checks if there is a sops config in any parent folder in the project.

Is that the case in your project? That's about the only thing I can think of why it wouldn't work.

@edkreepio
Author

So far I have only tried this particular combination. Perhaps you could give a working example to start with?

BTW, is the file extension relevant? I renamed the file to aws_credentials.json and unfortunately it didn't work.

The plugin settings are set to their defaults, and the sops executable is in the PATH.


@edkreepio
Author

Side note: the content of the unencrypted aws_credentials file is NEITHER JSON NOR YAML.

For instance:

[default]
aws_access_key_id = SOME_KEY
aws_secret_access_key = SOME_REGION
region = eu-central-1

@DaPutzy
Owner

DaPutzy commented Mar 12, 2024

Your settings look good and the file ending should not matter (at least for decrypting). But the plugin requires a sops config (.sops.yaml) in the same or any of the parent folders.

I would link to the relevant section of the official sops README but it appears GitHub has issues rendering it :D
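The check described in the comment above (a `.sops.yaml` in the same or any parent folder), as an added diagnostic example that is not part of the original thread and not the plugin's own code. The function names, the `stop_at` parameter, the sample tree and the ARN are constructed, and the encrypted file is assumed to be in sops' JSON format as in the issue.

```python
import json
import tempfile
from pathlib import Path

CONFIG_NAME = ".sops.yaml"  # config file name given in the thread
BACKENDS = ("kms", "gcp_kms", "azure_kv", "hc_vault", "age", "pgp")

def find_sops_config(encrypted_file, stop_at=None):
    """Return the nearest .sops.yaml in the file's folder or a parent, else None."""
    start = Path(encrypted_file).resolve().parent
    # stop_at is a hypothetical parameter that bounds the walk, e.g. at the project root
    stop = Path(stop_at).resolve() if stop_at else None
    for folder in (start, *start.parents):
        candidate = folder / CONFIG_NAME
        if candidate.is_file():
            return candidate
        if folder == stop:
            break
    return None

def key_backends(encrypted_file):
    """Map each key backend used by a JSON-format sops file to its key entries."""
    meta = json.loads(Path(encrypted_file).read_text())["sops"]
    used = {}
    for name in BACKENDS:
        entries = meta.get(name) or []  # unused backends are stored as null
        if entries:  # AWS KMS entries carry an "arn"; other backends use other fields
            used[name] = [e.get("arn", "<no arn field>") for e in entries]
    return used

def make_sample(root):
    """Constructed project tree: <root>/secrets/aws_credentials, no config yet."""
    secrets = Path(root) / "secrets"
    secrets.mkdir()
    doc = {"data": "ENC[AES256_GCM,data:CONSTRUCTED,type:str]",
           "sops": {"kms": [{"arn": "arn:aws:kms:eu-central-1:000000000000:key/EXAMPLE",
                             "enc": "CONSTRUCTED", "aws_profile": ""}],
                    "gcp_kms": None, "age": None, "pgp": None, "version": "3.7.3"}}
    target = secrets / "aws_credentials"
    target.write_text(json.dumps(doc))
    return target

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        sample = make_sample(root)
        print("key backends:", key_backends(sample))
        print("config before:", find_sops_config(sample, stop_at=root))
        (Path(root) / CONFIG_NAME).write_text("creation_rules: []\n")  # placeholder config
        print("config after:", find_sops_config(sample, stop_at=root))
```

A `None` result from `find_sops_config` for a file that `sops -d` decrypts on the command line matches the situation reported in this issue.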

@DaPutzy
Owner

DaPutzy commented Mar 12, 2024

Any update? :)

@DaPutzy
Owner

DaPutzy commented Mar 18, 2024

Hi, did the sops config fix your issue?

@DaPutzy
Owner

DaPutzy commented Mar 28, 2024

I'll close this for now; within the next couple of days a new release will hit that should be able to sops without a .sops.yaml (#22).

I would appreciate it if you could remove/adjust your rating in the JetBrains Marketplace once your issue is resolved.

DaPutzy closed this as completed Mar 28, 2024