
Add support for Age SSH #898

Closed
wants to merge 4 commits into from

Conversation

iamd3vil

@iamd3vil iamd3vil commented Jul 1, 2021

Currently sops only supports age with age keys. This PR adds support for using SSH keys for encryption and decryption using age.

Usage

Encryption

./sops --ssh /home/user/.ssh/id_ed25519.pub -e -i secrets.yaml

The --ssh flag here denotes the SSH keys used for encrypting.

Decryption

./sops -d enc.json

If no SOPS_AGE_SSH_PRIVATE_KEY env variable is given, sops will check ~/.ssh/id_ed25519 and fall back to ~/.ssh/id_rsa.

Let me know if I need to do any changes.

P.S.: I have updated to the latest version as well.
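The identity lookup order and the recipient key check described in this PR, as an added example written here in Go with only the standard library (not code from this PR or from sops): the function names, the injected env/exists callbacks and the filler key bytes are my own constructions, and the "only ssh-ed25519 and ssh-rsa" rule reflects the SSH key types age's agessh package can encrypt to.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"path/filepath"
	"strings"
)

// Lookup order from the PR: SOPS_AGE_SSH_PRIVATE_KEY, then ~/.ssh/id_ed25519, then ~/.ssh/id_rsa (env/exists are injected so this runs offline).
func resolveIdentityFile(env func(string) string, home string, exists func(string) bool) (string, error) {
	if p := env("SOPS_AGE_SSH_PRIVATE_KEY"); p != "" {
		return p, nil
	}
	for _, name := range []string{"id_ed25519", "id_rsa"} {
		if p := filepath.Join(home, ".ssh", name); exists(p) {
			return p, nil
		}
	}
	return "", errors.New("no SSH identity found")
}

// recipientKeyType parses an authorized_keys-style line ("ssh-ed25519 AAAA... comment") and
// accepts only ssh-ed25519 and ssh-rsa, the SSH key types age's agessh package can encrypt to.
func recipientKeyType(line string) (string, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return "", errors.New("malformed public key line")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil || len(blob) < 4 || uint32(len(blob)-4) < binary.BigEndian.Uint32(blob) {
		return "", errors.New("malformed key blob")
	}
	// The key type is the first length-prefixed string of the SSH wire format.
	switch kt := string(blob[4 : 4+binary.BigEndian.Uint32(blob)]); kt {
	case "ssh-ed25519", "ssh-rsa":
		return kt, nil
	}
	return "", errors.New("unsupported SSH key type for age (only ssh-ed25519 and ssh-rsa)")
}

// constructedLine builds a well-formed public key line from constructed filler bytes (not a real key).
func constructedLine(keyType string, key []byte) string {
	var blob []byte
	for _, f := range [][]byte{[]byte(keyType), key} {
		blob = binary.BigEndian.AppendUint32(blob, uint32(len(f)))
		blob = append(blob, f...)
	}
	return keyType + " " + base64.StdEncoding.EncodeToString(blob) + " user@host"
}
```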

@itscaro

itscaro commented Dec 6, 2021

Any news on this PR?

@hikhvar

hikhvar commented Jan 25, 2022

This fixes #692 and would allow a really streamlined process combined with gitops tools like argocd or flux.

@hiddeco
Member

hiddeco commented Jun 2, 2022

GitOps tool maintainer here (Flux). Thanks a lot for this contribution, I have no doubt this will be extremely useful to quite some users. 🥇

I have assigned this to myself to review, but am waiting for #1064 to land first as I have a gut feeling it would be better to merge the two key sources into one than to introduce an additional one. For this, I need a clear view on the state of develop post-merge in combination with this PR. Please hold for a tiny bit longer 🙇

@saimonn

saimonn commented Jun 21, 2022

@hiddeco #1064 is now merged, is there some way we could help to merge this current PR as well?

@hiddeco
Member

hiddeco commented Jul 6, 2022

Sorry for the wait folks, this has been on my to-do list for some time but #1072 and #1085 had a bit more priority.

Based on a quick study of the current key source implementation in develop and age itself, I am wondering if the current age.X25519Recipient in this implementation could be replaced with a more generic age.Recipient. We could then load decryption keys (identities) from all known files (either X25519 or SSH), and re-use most logic already there with some minor changes to deal with different receiver string types. WDYT?

@Sebor

Sebor commented Nov 13, 2022

Hello @hiddeco!
Any news about the review?

@neongreen

Would also love to have this. Perhaps there is somebody else who can pick up the review?

@neongreen

Or should it be closed in favor of #1134? @hiddeco

@hiddeco
Member

hiddeco commented Oct 11, 2023

While I really do appreciate your work here @iamd3vil, I am going to close this in favor of #1134 which incorporates the feedback I gave in #898 (comment). Thank you very much nonetheless! 🙇

@hiddeco hiddeco closed this Oct 11, 2023
@hiddeco hiddeco removed this from the v3.9.0 milestone Oct 11, 2023