Plaintext secrets #1096

Closed
MartinAltmayerTMH opened this issue Jan 22, 2025 · 6 comments
Comments


MartinAltmayerTMH commented Jan 22, 2025

Is there an option to sync plaintext values to AWS Secrets Manager? From what I can see, SOPS requires me to specify a JSON/YAML object and cdk-sops-secrets will just copy this object (without the special 'sops' key) as a key/value secret.

I'd like to have just a string, without any JSON/YAML around it:
(screenshot omitted)


markussiebert commented Jan 23, 2025

Hi @MartinAltmayerTMH, have you tried disabling all conversions?

```typescript
import { SopsSecret } from 'cdk-sops-secrets';

// v1 properties: each flag switches off one of the conversions applied to the decrypted content
const secret = new SopsSecret(this, 'SopsComplexSecretJSON', {
  convertToJSON: false, // disable converting the encrypted content to JSON
  stringify: false, // disable stringifying all values
  flatten: false, // disable flattening of the object structure
  sopsFilePath: 'secrets/sopsfile-encrypted.json',
});
```

If it does not work, can you provide an example content?

@MartinAltmayerTMH (issue author) commented:

Disabling the conversions will create a plaintext secret in AWS. However, it will still contain the key and the value from the SOPS file. I'd like to store just the value, e.g. 12341234.

The problem is that SOPS requires a top-level object (so they can store their metadata below .sops). I cannot store just a value. This is my example SOPS file:

```yaml
value: ENC[AES256_GCM,data:bJ2p...]
sops:
  kms:
    - arn: arn:aws:kms:...
      created_at: "2025-01-24T08:55:09Z"
      enc: ...
      aws_profile: ""
  gcp_kms: []
  azure_kv: []
  hc_vault: []
  age: []
  lastmodified: "2025-01-24T08:55:21Z"
  mac: ...
  pgp: []
  unencrypted_suffix: _unencrypted
  version: 3.9.1
```

And this is the secret created with all conversions disabled:

(screenshot omitted)

@markussiebert commented:

Understood! I think adding an option called "plaintext" that removes the "data" key from the decrypted sops file would solve this issue. The key to be removed should be configurable by the user and default to "data" – that's what sops creates when you encrypt plain text. In your case, it is the key "value".

@markussiebert commented:

Maybe I found another solution - think I will finish it tomorrow.

markussiebert added a commit that referenced this issue Feb 11, 2025
# BREAKING CHANGE: v2.0

Fixes #1090, #1096, #1092, #1043, #1045

# Features

- update Go AWS SDK V2
- Handling of raw secrets
- Handling of binary secrets

## Migrate from V1 to V2

It was required to change some user-facing configuration properties, so minor changes are required to make things work again.

### SecretsManager
- Removed property convertToJSON, flatten, stringifiedValues 
- Use property rawOutput instead:
  - `undefined / not set` => (default) convertToJSON and flatten and stringifiedValues = true
  - `RawOutput.STRING` => convertToJSON and flatten and stringifiedValues = false
  - `RawOutput.BINARY` => convertToJSON and flatten and stringifiedValues = false and Secret is binary

### Parameter
- Removed property convertToJSON, flatten, stringifiedValues => all of them made no sense - now only raw output of decrypted secret

### MultiParameter
- Removed property convertToJSON, flatten, stringifiedValues => most of this combinations made no sense
- Always convertToJson and flatten (as we have to parse it to create multiple parameters)
- You are allowed to choose the flattenSeperator
---------

Signed-off-by: Florian Fl Bauer <[email protected]>
Signed-off-by: github-actions <[email protected]>
Signed-off-by: lennartrommeiss <[email protected]>
Co-authored-by: Florian Bauer <[email protected]>
Co-authored-by: github-actions <[email protected]>
Co-authored-by: lennartrommeiss <[email protected]>
Co-authored-by: Lennart Rommeiss <[email protected]>
@markussiebert commented:

This is possible in Version 2.0

You have to encode your secret as "binary" and use the outputFormat: RawOutput.STRING
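As an added illustration (not code from cdk-sops-secrets or from either commenter), the following TypeScript models the two output modes described in the v2 commit message above (default conversions versus rawOutput) and the behaviour the reporter observed: a YAML file with all conversions disabled still yields `{"value": "12341234"}`, while a binary-encrypted file read with RawOutput.STRING yields the bare string. The sample documents are constructed and already decrypted (KMS/age decryption is out of scope); the function names stripSopsMetadata, flatten, stringifyValues and secretString, and the simplification that raw mode serialises a YAML/JSON document as JSON, are assumptions of this model and not the library's implementation. The property name rawOutput and the RawOutput enum are taken from the commit message on this page.

```typescript
// Added example: a model of the cdk-sops-secrets output modes discussed in this
// issue. It is not the library's code; names and the exact serialisation are
// assumptions. Inputs are already-decrypted documents.

type SopsDoc = Record<string, unknown>;

// Constructed sample: the reporter's YAML file after decryption. SOPS keeps its
// own metadata under the top-level "sops" key.
const yamlStyleDoc: SopsDoc = {
  value: "12341234",
  sops: { kms: [{ arn: "arn:aws:kms:..." }], version: "3.9.1" },
};

// Constructed sample: what `sops` produces for a binary/plain-text input file.
// The whole file content is placed under a single "data" key.
const binaryStyleDoc: SopsDoc = {
  data: "12341234",
  sops: { kms: [{ arn: "arn:aws:kms:..." }], version: "3.9.1" },
};

// Constructed sample with nesting, to show the default conversions.
const nestedDoc: SopsDoc = {
  db: { user: "app", port: 5432 },
  sops: { version: "3.9.1" },
};

// The "sops" metadata key is never part of the stored secret, in any mode.
function stripSopsMetadata(doc: SopsDoc): SopsDoc {
  const out: SopsDoc = {};
  for (const [k, v] of Object.entries(doc)) {
    if (k !== "sops") out[k] = v;
  }
  return out;
}

// "flatten": nested objects become single-level keys joined by a separator.
function flatten(obj: SopsDoc, sep = ".", prefix = ""): SopsDoc {
  const out: SopsDoc = {};
  for (const [k, v] of Object.entries(obj)) {
    const key = prefix === "" ? k : `${prefix}${sep}${k}`;
    if (v !== null && typeof v === "object" && !Array.isArray(v)) {
      Object.assign(out, flatten(v as SopsDoc, sep, key));
    } else {
      out[key] = v;
    }
  }
  return out;
}

// "stringifiedValues": every value becomes a string, so the result is a plain
// key/value secret as Secrets Manager displays it.
function stringifyValues(obj: SopsDoc): Record<string, string> {
  const out: Record<string, string> = {};
  for (const [k, v] of Object.entries(obj)) {
    out[k] = typeof v === "string" ? v : JSON.stringify(v);
  }
  return out;
}

enum RawOutput {
  STRING = "STRING",
  BINARY = "BINARY",
}

// Model of the v2 mapping from the commit message:
//   rawOutput undefined -> convertToJSON + flatten + stringifiedValues
//   RawOutput.STRING    -> no conversions, decrypted content as-is
//   RawOutput.BINARY    -> same content, stored as a binary secret (not modelled here)
// For a binary-encrypted file the decrypted content is the value under "data",
// so raw mode returns that bare string. For a YAML/JSON file raw mode keeps the
// user's object (serialised as JSON here for simplicity), which is why the
// reporter still saw the key "value" next to "12341234".
function secretString(doc: SopsDoc, rawOutput?: RawOutput, flattenSeparator = "."): string {
  const payload = stripSopsMetadata(doc);
  if (rawOutput === undefined) {
    return JSON.stringify(stringifyValues(flatten(payload, flattenSeparator)));
  }
  const keys = Object.keys(payload);
  if (keys.length === 1 && keys[0] === "data" && typeof payload.data === "string") {
    return payload.data; // binary-encrypted input: just the original file content
  }
  return JSON.stringify(payload);
}

// Usage:
console.log(secretString(nestedDoc)); // {"db.user":"app","db.port":"5432"}
console.log(secretString(yamlStyleDoc, RawOutput.STRING)); // {"value":"12341234"}
console.log(secretString(binaryStyleDoc, RawOutput.STRING)); // 12341234
```

The practical takeaway matches the maintainer's answer: a YAML or JSON SOPS file always carries at least one user key, so no amount of disabling conversions removes it; encrypting the value as a binary file moves it under `data`, and raw output then hands back exactly that content.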

@MartinAltmayerTMH (issue author) commented:

I've just tested this successfully. Thanks a lot for implementing this!
