Support AWS KMS Encryption Context by dictcp · Pull Request #76 · getsops/sops
| .format(default=DEFAULT_CONFIG_FILE)) | ||
| argparser.add_argument('--encryption-context', dest='context', | ||
| help="KMS encryption context: " | ||
| "key-value pair dict encoded in JSON") |
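Review bot: the help string on the new `--encryption-context` argument ("key-value pair dict encoded in JSON") gives no example of the expected shape, and nothing in these lines validates the value, so a malformed string or a JSON value that is not an object would have to be caught wherever `context` is consumed. Consider adding a short sample value to the help text and passing a `type=` callable to `add_argument` that rejects anything other than a flat object with string keys and string values, so the error surfaces at argument parsing.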
I haven't used KMS encryption contexts, but would there be a way to expand this to not require JSON on the command line but take individual parameters instead? We already have a custom csv format for specifying multiple kms and pgp on the command line, and I'd prefer to avoid introducing another format.
This is an interesting feature, thanks for sending the patch!
Could you add some documentation to the README to explain how this is meant to be used? I'd also suggest adding a couple unit tests.
|
|
||
| SOPS has the ability to use AWS KMS key policy and encryption context | ||
| <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html> | ||
| to further fine control access under the same master key. |
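Review bot: the README sentence ending "to further fine control access under the same master key" reads awkwardly, and the added lines shown here do not tell the reader how the context is supplied. Suggest rewording that last line, naming the `--encryption-context` option with a sample value, and stating whether the same context has to be provided again at decryption time.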
to refine the access control of a given KMS master key.
This is getting close, I just have a couple comments on the documentation. Once you fix them, I'll merge the patch and we can test it for a couple weeks before releasing 1.14.
Thanks for the patches! The build is breaking because of unrelated issues, so I'm going to merge this and fix the rest in master.
This looks neat, much appreciated! + 💯 👍