marshal nested secrets value to string #454
Conversation
Signed-off-by: iosmanthus <[email protected]>
Signed-off-by: iosmanthus <[email protected]>
|
Seem the serialized yaml value has some newline, I should trim the output string. |
Signed-off-by: iosmanthus <[email protected]>
|
So the idea is that we can have yaml and json encrypted without having to put them in strings? Would be nice to extend the test case those those as well: https://github.com/Mic92/sops-nix/blob/master/pkgs/sops-install-secrets/nixos-test.nix The script to update secrets is here: https://github.com/Mic92/sops-nix/blob/master/pkgs/sops-install-secrets/test-assets/sops-edit |
The basic idea is to support any value in a nested secret. However, I found some edge cases for this pull request:
I would add some tests to |
|
Maybe it should only render arrays and hashmaps? |
Signed-off-by: iosmanthus <[email protected]>
Signed-off-by: iosmanthus <[email protected]>
Signed-off-by: iosmanthus <[email protected]>
Signed-off-by: iosmanthus <[email protected]>
Signed-off-by: iosmanthus <[email protected]>
Signed-off-by: iosmanthus <[email protected]>
Signed-off-by: iosmanthus <[email protected]>
Perhaps we should marshal nested secrets only in JSON format because it is indent-insensitive. The YAML nested secrets are difficult to fit in the template due to indentation issues. |
|
Is there an ETA on this getting merged? Currently it is blocking me from including a traefik.env file. |
|
+1 |
|
Curious how this PR will affect the secrets declaration, I was attempting this before finding this PR: sops.secrets."cachix-auth-token" = {
mode = "0400";
key = "'[\"cachix-auth-token\"][\"value\"]'";
};Which mirrors the CLI |
This pull request marshals nested secret values according to the format of the secret file.