latest (go) sops version leads error when editing secrets #282
Comments
on my side, to get it working (
then all worked nice
Did you import your key into the keyring (e.g.
See what the Helm task does in https://github.com/opendevstack/ods-pipeline/blob/master/cmd/deploy-with-helm/main.go#L478. The SOPS version in use there is 3.6.1, see https://github.com/opendevstack/ods-pipeline/runs/4190731677?check_suite_focus=true#step:4:671. Maybe a docs issue?
IIRC all I did was steps 3-9 of the link that is provided in the instructions (https://docs.github.com/en/authentication/managing-commit-signature-verification/generating-a-new-gpg-key). The other steps seemed not applicable because they seem to be GitHub-specific. If I see that right, the import command you mention is not listed there. So I basically did: and then to get the fingerprint for the sops yaml:
Right, the step I mentioned (importing the key) is not listed in the GitHub docs, it is hidden pretty well in the SOPS documentation ;) @renedupont or @kuebler could you try this with the latest SOPS version?
Strangely enough, I can't reproduce it anymore, looks like it works for me now (using
After looking into it a bit further, @michaelsauter found the command It is still weird that my sops looks for a
This is so frustrating. Maybe we should have a look into age, as a way simpler method to encrypt/decrypt. Unfortunately it seems to be supported only via SOPS, too. That said, SOPS recommends using age now, and the latest release of helm-secrets also added more support for it: https://github.com/jkroepke/helm-secrets/blob/main/docs/ARGOCD.md.
So with age, this is how it would work:
Of course a downside is that this requires to install We could/should add If we go forward with this, then the next step should probably be to support Thoughts @gerardcl @renedupont @kuebler?
Based on the roadmaps, it totally makes sense! I can try to jump in (looks like a good first issue :) ) and collaborate on adding it for the next release?
@gerardcl Cool! Let's see what the others think first, and if we all agree we go forward with this. I'd split it into two tasks then:
As just discussed with @michaelsauter, instead of
where If not done this way you get:
By just using
I created a PR for the setup instructions part: #292
@gerardcl if you want to run with this, please create the issue for
I have been running into PGP not being able to decrypt as well, as I am targeting version v0.1.1. For me the following helped: getsops/sops#304 (comment)
As suggested in #279 (comment) I tried the following:
@kuebler mentioned to me that he faced the same issue and that it might be due to the latest (go) implementation of sops not supporting the current GPG2 keyring format!? He said when he removed sops and installed the deprecated python version of it, it worked.
So, should this be further investigated or do we add to the instructions to use the old python sops?