

Constants

// KMS_ENC_CTX_BUG_FIXED_VERSION represents the SOPS version in which the
// encryption context bug (https://github.com/mozilla/sops/pull/435) was fixed.
// Files written by older versions may still carry the buggy context; see
// DetectKMSEncryptionContextBug and FixAWSKMSEncryptionContextBug.
const KMS_ENC_CTX_BUG_FIXED_VERSION = "3.3.0"

    KMS_ENC_CTX_BUG_FIXED_VERSION represents the SOPS version in which the encryption context bug was fixed

    Variables

    This section is empty.

    Functions

    func DecryptTree

    func DecryptTree(opts DecryptTreeOpts) (dataKey []byte, err error)

      DecryptTree decrypts the tree passed in through the DecryptTreeOpts and additionally returns the decrypted data key

      func DetectKMSEncryptionContextBug

      func DetectKMSEncryptionContextBug(tree *sops.Tree) (bool, error)

        DetectKMSEncryptionContextBug returns true if the encryption context bug is detected in a given runtime sops.Tree object

        func EncryptTree

        func EncryptTree(opts EncryptTreeOpts) error

          EncryptTree encrypts the tree passed in through the EncryptTreeOpts

          func FixAWSKMSEncryptionContextBug

          func FixAWSKMSEncryptionContextBug(opts GenericDecryptOpts, tree *sops.Tree) (*sops.Tree, error)

            FixAWSKMSEncryptionContextBug is used to fix the issue described in https://github.com/mozilla/sops/pull/435

            func GetKMSKeyWithEncryptionCtx

            func GetKMSKeyWithEncryptionCtx(tree *sops.Tree) (keyGroupIndex int, keyIndex int, key *kms.MasterKey)

              GetKMSKeyWithEncryptionCtx returns the first KMS key affected by the encryption context bug as well as its location in the key groups.

              func IsEnvFile

              func IsEnvFile(path string) bool

                IsEnvFile returns true if a given file path corresponds to a .env file

                func IsIniFile

                func IsIniFile(path string) bool

                  IsIniFile returns true if a given file path corresponds to an INI file

                  func IsJSONFile

                  func IsJSONFile(path string) bool

                    IsJSONFile returns true if a given file path corresponds to a JSON file

                    func IsYAMLFile

                    func IsYAMLFile(path string) bool

                      IsYAMLFile returns true if a given file path corresponds to a YAML file

                      func LoadEncryptedFile

                      func LoadEncryptedFile(loader sops.EncryptedFileLoader, inputPath string) (*sops.Tree, error)

                        LoadEncryptedFile loads an encrypted SOPS file, returning a SOPS tree

                        func LoadEncryptedFileWithBugFixes

                        func LoadEncryptedFileWithBugFixes(opts GenericDecryptOpts) (*sops.Tree, error)

                          LoadEncryptedFileWithBugFixes is a wrapper around LoadEncryptedFile which includes a check for the issue described in https://github.com/mozilla/sops/pull/435

                          func NewExitError

                          func NewExitError(i interface{}, exitCode int) *cli.ExitError

                            NewExitError returns a cli.ExitError given an error (wrapped in a generic interface{}) and an exit code to represent the failure

                            func PrettyPrintDiffs

                            func PrettyPrintDiffs(diffs []Diff)

                              PrettyPrintDiffs prints a slice of Diff objects to stdout

                              func RecoverDataKeyFromBuggyKMS

                              func RecoverDataKeyFromBuggyKMS(opts GenericDecryptOpts, tree *sops.Tree) []byte

                                RecoverDataKeyFromBuggyKMS loops through variations on the Encryption Context to recover the data key. This is used to fix the issue described in https://github.com/mozilla/sops/pull/435

                                Types

                                type DecryptTreeOpts

                                // DecryptTreeOpts are the options needed to decrypt a tree (see DecryptTree).
                                type DecryptTreeOpts struct {
                                	// Tree is the tree to be decrypted
                                	Tree *sops.Tree
                                	// KeyServices are the key services to be used for decryption of the data key
                                	KeyServices []keyservice.KeyServiceClient
                                	// IgnoreMac is whether or not to ignore the Message Authentication Code included in the SOPS tree.
                                	// When true the MAC is not verified, so modifications to the tree's contents are not
                                	// detected at decryption time; leave it false unless the MAC is known to be stale for a
                                	// legitimate reason (e.g. a file being repaired).
                                	IgnoreMac bool
                                	// Cipher is the cryptographic cipher to use to decrypt the values inside the tree
                                	Cipher sops.Cipher
                                }

                                  DecryptTreeOpts are the options needed to decrypt a tree

                                  type Diff

                                  // Diff represents a key diff between two key groups, as produced by
                                  // DiffKeyGroups(ours, theirs); one Diff per compared key group.
                                  type Diff struct {
                                  	// Common holds the master keys present on both sides of the comparison.
                                  	Common  []keys.MasterKey
                                  	// Added holds the master keys present on only one side — presumably in
                                  	// theirs but not ours; confirm the direction against DiffKeyGroups.
                                  	Added   []keys.MasterKey
                                  	// Removed holds the master keys present on only the other side — presumably
                                  	// in ours but not theirs; confirm the direction against DiffKeyGroups.
                                  	Removed []keys.MasterKey
                                  }

                                    Diff represents a key diff

                                    func DiffKeyGroups

                                    func DiffKeyGroups(ours, theirs []sops.KeyGroup) []Diff

                                      DiffKeyGroups returns the list of diffs found between two sops.KeyGroup slices

                                      type EncryptTreeOpts

                                      // EncryptTreeOpts are the options needed to encrypt a tree (see EncryptTree).
                                      type EncryptTreeOpts struct {
                                      	// Tree is the tree to be encrypted
                                      	Tree *sops.Tree
                                      	// Cipher is the cryptographic cipher to use to encrypt the values inside the tree
                                      	Cipher sops.Cipher
                                      	// DataKey is the key the cipher should use to encrypt the values inside the tree.
                                      	// It is the same secret that DecryptTree returns; treat it as sensitive material and
                                      	// do not log or persist it in clear.
                                      	DataKey []byte
                                      }

                                        EncryptTreeOpts are the options needed to encrypt a tree

                                        type ExampleFileEmitter

                                        // ExampleFileEmitter emits example files. This is used by the `sops` binary
                                        // whenever a new file is created, in order to present the user with a
                                        // non-empty file.
                                        type ExampleFileEmitter interface {
                                        	// EmitExample returns the bytes of an example file in the implementer's format.
                                        	EmitExample() []byte
                                        }

                                          ExampleFileEmitter emits example files. This is used by the `sops` binary whenever a new file is created, in order to present the user with a non-empty file

                                          type GenericDecryptOpts

                                          // GenericDecryptOpts represents decryption options and config, as consumed by
                                          // LoadEncryptedFileWithBugFixes, FixAWSKMSEncryptionContextBug and
                                          // RecoverDataKeyFromBuggyKMS.
                                          type GenericDecryptOpts struct {
                                          	// Cipher is the cryptographic cipher used to decrypt the values inside the tree.
                                          	Cipher      sops.Cipher
                                          	// InputStore is the store used to load the encrypted input file (presumably the
                                          	// format-specific store for InputPath; see DefaultStoreForPath).
                                          	InputStore  sops.Store
                                          	// InputPath is the path of the encrypted SOPS file to load.
                                          	InputPath   string
                                          	// IgnoreMAC is whether to skip verification of the Message Authentication Code of
                                          	// the SOPS tree; when true, tampering with the tree's contents is not detected.
                                          	// Note the spelling differs from DecryptTreeOpts.IgnoreMac.
                                          	IgnoreMAC   bool
                                          	// KeyServices are the key services used to decrypt the data key.
                                          	KeyServices []keyservice.KeyServiceClient
                                          }

                                            GenericDecryptOpts represents decryption options and config

                                            type Store

                                            // Store handles marshaling and unmarshaling from SOPS files. It combines the
                                            // format-specific sops.Store with the ability to emit an example file for
                                            // newly created documents; DefaultStoreForPath picks the implementation.
                                            type Store interface {
                                            	sops.Store
                                            	ExampleFileEmitter
                                            }

                                              Store handles marshaling and unmarshaling from SOPS files

                                              func DefaultStoreForPath

                                              func DefaultStoreForPath(path string) Store

                                                DefaultStoreForPath returns the correct format-specific implementation of the Store interface given the path to a file

                                                Source Files