From 35f2d6a76e440fcb05c206a1b65ae37051b68305 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 8 Aug 2023 16:40:32 +0200 Subject: [PATCH] add dummy sops manifest --- pkgs/clan-cli/clan_cli/secrets/sops.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pkgs/clan-cli/clan_cli/secrets/sops.py b/pkgs/clan-cli/clan_cli/secrets/sops.py index aee7f90f..dc9595b2 100644 --- a/pkgs/clan-cli/clan_cli/secrets/sops.py +++ b/pkgs/clan-cli/clan_cli/secrets/sops.py @@ -138,14 +138,17 @@ def encrypt_file( folder.mkdir(parents=True, exist_ok=True) # hopefully /tmp is written to an in-memory file to avoid leaking secrets - with NamedTemporaryFile(delete=False) as f: + with NamedTemporaryFile(delete=False) as dummy_manifest_file, NamedTemporaryFile( + delete=False + ) as f: try: with open(f.name, "w") as fd: if isinstance(content, str): fd.write(content) else: shutil.copyfileobj(content, fd) - args = ["sops"] + # we pass an empty manifest to pick up existing configuration of the user + args = ["sops", "--config", dummy_manifest_file.name] for key in keys: args.extend(["--age", key]) args.extend(["-i", "--encrypt", str(f.name)])