Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( // ErrAlreadyEncrypted is returned when Encrypt is called on a file // that is already encrypted. ErrAlreadyEncrypted = errors.New("file is already encrypted") // ErrNotEncrypted is returned when Decrypt is called on a file that // is not encrypted. ErrNotEncrypted = errors.New("file is not encrypted") )
Functions ¶
func DecryptFileToMap ¶
func DecryptFileToMap(ec EncrypterDecrypter, filePath string) (map[string]any, error)
DecryptFileToMap decrypts a file using the provided Decrypter and returns the content as a map[string]any.
func IsContentEncrypted ¶
IsContentEncrypted checks if file contents contain SOPS encryption markers.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client executes SOPS operations using a configured provider.
type Decrypter ¶
Decrypter decrypts a SOPS file using the CLI with the specified provider. Uses the SOPS cli, assumes it's installed.
Example:
err := sops.Decrypter("secrets/production.yaml")
type Encrypter ¶
Encrypter encrypts a SOPS file using the CLI with the specified provider. Uses the SOPS CLI, assumes it's installed.
Example:
err := sops.Encrypt("secrets/production.yaml")
type EncrypterDecrypter ¶
EncrypterDecrypter combines encryption and decryption operations.
type Provider ¶
type Provider interface {
// EncryptArgs returns the CLI args needed for encryption.
// e.g. ["--age", "age1abc..."] or ["--kms", "arn:aws:kms:..."]
EncryptArgs() ([]string, error)
// DecryptArgs returns the CLI args needed for decryption.
// e.g. ["--age", "age1abc..."] or ["--kms", "arn:aws:kms:..."]
DecryptArgs() ([]string, error)
// Environment returns environment variables needed for SOPS operations
// e.g., ["SOPS_AGE_KEY=AGE-SECRET-KEY-1..."]
Environment() map[string]string
}
Provider abstracts different key management strategies for SOPS encryption. Implementations provide the necessary CLI arguments and environment variables for SOPS to execute.
Source Files