Boris Kreitchman
Boris Kreitchman
@ajvb Hi, sorry to bother you, but could you maybe take a look please? Hopefully it's a quick win :)
We are affected by this as well. We use Hashicorp Vault for editing secrets and servers have _age_ private key for decryption (via [Flux CD](https://fluxcd.io/)). The problem is that some...
@lenalebt If your teammates don't have correct PGP key then SOPS will just continue to KMS. And if you do have PGP then why not to use it?
`--prefer` / `--decryption-order` could be useful but it's a bit complicated to pass it when SOPS is used as a library (for example in FluxCD). Maybe to store it inside...
Well, basically sorting offline methods could be a private (and default) case as `--decryption-order age,pgp` but priority could be given to other key types too, i.e. `--decryption-order kms,gcpkms`. And idea...
@hiddeco Ok, rebased and signed-off. Great to see that the project is back to life! 🎉
> [#305 (comment)](https://github.com/getsops/sops/issues/305#issuecomment-1793766331) might be preferable to this solution, since it is more flexible. @felixfontein Hi, I've opened #1345 which supports comma-separated `--decryption-order` to replace this PR. (or I can...
@VanCoding looks like it was fixed by https://github.com/kubernetes/ingress-nginx/pull/13610
> Also what happens with KMS encrypted secrets? @stefanprodan With AWS KMS - if user running diff has access to the KMS key (via role or creds in env vars...