I have configured SOPS with generator:
.sops.yaml
creation_rules:
  - path_regex: .dev.yaml$
    kms: *kms_arn*
    aws_profile: dev
To generate a file:
sops secrets.dev.yaml
It generates a file with encryption as:
hello: ENC[AES256_GCM,data:8gtnzBNu2AG9l2zHFy3ovCS0gWFj3bdjgb3B/X8CUkvgox8GcxLQv/99aMUndQ==,iv:lw8VYzpWQUrm6bWQgJ6/KEYizhe8VxJAmdysF+Q6zTM=,tag:vRrdCo/iH4ec4dPzI7DB5Q==,type:str]
sops:
    kms:
    -   arn: *kms_arn*
        created_at: '2021-01-12T05:24:17Z'
        enc: *enc_key*
        aws_profile: dev
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    lastmodified: "2021-01-12T05:24:43Z"
    mac: *mac_key*
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.6.1
Using in terragrunt:
terragrunt.hcl
locals {
  secret_vars = yamldecode(sops_decrypt_file(find_in_parent_folders("secrets.dev.yaml")))
}
Error:
Error: Error in function call:
Call to function "sops_decrypt_file" failed: Error getting data key: 0 successful groups required, got 0.