Ability to optionally set human-readable name to keys in sops config file #366
Labels
Comments
|
It'd also be nice to be able to do the same for key groups. It might also be worth it to support something like: keys:
- name: user1
pgp: 1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A
- name: kms-prod
kms: arn:aws:kms:us-west-2:927034868273:key/fe86dd69-4132-404c-ab86-4269956b4500
groups:
- name: operators
keys:
- user1
creation_rules:
- path_regex: \.ops\.yaml$
key_groups:
- operators
- path_regex: .*
key_groups:
- name: prod
keys:
- kms-prodAlthough perhaps it's too complex |
|
We put comments in the file which helps: creation_rules:
# Operators
- path_regex: .some-secrets.yaml
key_groups:
- pgp:
# Robot (Deployer)
- 0367E722878D9586894386ED2E38389A4F9B4FAE
# Robot (Global Backup)
- 09EA6D8A1B5E8CE18F3C9FC845E5EF716FB2B767 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'd like to be able to set a name for each key in a sops config file. The main benefit for this is the potential to vastly improve error messages on decryption failures when you have a number of PGP keys within the config file. Currently you will have a huge error output and it can be difficult to parse what error is relevant to your key, especially if you don't immediately recognize your fingerprint.
The text was updated successfully, but these errors were encountered: