Enhancement proposition: input type support for files
hmehta opened this issue · comments
I would like to request a small enhancement: supporting the sops-supported input/output-type arguments for files in KSOPS. This would allow the user to use files using the INI-format without explicitly defining the .ini filetype extension. See my project for example:
kustomization.yaml
:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
generators:
- ksops-secret-generator.yaml
ksops-secret-generator.yaml
:
apiVersion: viaduct.ai/v1
kind: ksops
metadata:
name: my-ksops-generator
annotations:
config.kubernetes.io/function: |
exec:
path: ksops
secretFrom:
- metadata:
name: my-secret
annotations:
kustomize.config.k8s.io/needs-hash: "true"
type: Opaque
files:
# I would love to be able to do something like:
# - path: my.enc.credentials
# type: ini
- my.enc.credentials
- other.enc.ini
Both my.enc.credentials and other.enc.ini were generated like this:
cat > my.enc.credentials <<EOF
[section]
key = value
EOF
sops --input-type=ini --output-type=ini -i -e my.enc.credentials
If I only use the file ending in .ini, everything works as expected, but if the file extension is not .ini, the INI-format is not detected. This is caused by: https://github.com/viaduct-ai/kustomize-sops/blob/master/ksops.go#L228
So the suggestion is to have the files array contain either strings to files like now when the formats.FormatForPath
would be used to deduce the format to pass to sops decryptDataWithFormat
and also support something like this:
files:
- path: my.enc.credentials
type: ini
- path: my.enc.docker.config
type: json