getsops/sops

Update Documentation for usage with ansible inventory. Parameter: _valid_extensions

ZzenlD opened this issue · 1 comments

In my ansible inventory i encrypt only some of the variables with the command:

sops —set ‘[“foo_password“] “password_value“‘ host_vars/example_host.yml

My .sops.yml looks like:

creation_rules:
  - age: <my-age-key>
     encrypted_regex: _(password|apikey)$
     mac_only_encrypted: true 

The encryption works fine and as expected, but the decryption is not working.
In ansible i use the community.sops.sops_vars-plugin and my ansible.cfg looks like:

[defaults]
vars_plugins_enabled = host_group_vars,community.sops.sops

[community.sops]
age_keyfile = <path to key-file>
config_file = <path to config-file>
_valid_extensions = [“.sops.yml“, “.sops.yaml“, “.sops.json“, “.yml“]

If i understood correctly i can say then community.sops.sops_vars-plugin with the parameter _valid_extensions that it should also read my normal yaml-files. But it does not work.

Thanks for your help, maybe i missunderstood something.

Closing since this is an Ansible question and nothing that affects the SOPS project. Also you did open it as ansible-collections/community.sops#183 as well :)