Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Add support for kms key aliases #1537

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from

Conversation

Geun-Oh
Copy link

@Geun-Oh Geun-Oh commented Jun 21, 2024

Hello Guys.
I'm here to close issue #381

I already implemented core logic of alias to arn, and checked that it works well.
you can excute it by making bin file with go install.
There's an exmaple of it.

hello.enc.json

{
    "secret": "hello world"
}
$ sops --encrypt --kms=deployment-common hello.dec.json > hello.enc.json

and it comes like this.

hello.dec.json

{
	"secret": "ENC[AES256_GCM,data:8b5cb4UE...I4Q==,type:str]",
	"sops": {
		"kms": [
			{
				"arn": "deployment-common",
				"created_at": "2024-06-20T14:57:52Z",
				"enc": "AQICAHj1y+..../BQxGpwwM4Zwg==",
				"aws_profile": ""
			}
		],
		"gcp_kms": null,
		"azure_kv": null,
		"hc_vault": null,
		"age": null,
		"lastmodified": "2024-06-20T14:57:52Z",
		"mac": "ENC[AES256_GCM,data:GaLp+/g...=,tag:d1Xw6Xp8C/8TZsnPzjPsZA==,type:str]",
		"pgp": null,
		"unencrypted_suffix": "_unencrypted",
		"version": "3.8.1"
	}
}

Now there is some tasks that should be resolved.

  • add alias field (now it's sharing arn field)
  • add regex of alias(maybe just a string. any idea will be welcomed) + region fetching at createKMSConfig()
  • clean up redundant logic and optimization

Since I'm not an expert of Go. Please come an contribute together.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants