Difference between revisions of "Sops --decrypt"
Jump to navigation
Jump to search
| Line 11: | Line 11: | ||
File will be unencrypted and replated. | File will be unencrypted and replated. | ||
| + | |||
| + | |||
| + | To edit file directly in your text editor: | ||
sops contrib/helm/your-projects/secrets_prod.yaml | sops contrib/helm/your-projects/secrets_prod.yaml | ||
Revision as of 18:12, 9 October 2022
--decrypt, -d
sops --decrypt /path/to/your/file/to/decrypt.yaml sops --decrypt --in-place /path/to/your/file/to/decrypt.yaml
sops --decrypt contrib/helm/your-projects/secrets_prod.yaml (no output) File will be unencrypted and replated.
To edit file directly in your text editor:
sops contrib/helm/your-projects/secrets_prod.yaml
Errors
sops -d contrib/helm/your-aplication/secrets_prod.yaml > /tmp/decrypted_secrets_prod.yaml Failed to get the data key required to decrypt the SOPS file. Group 0: FAILED projects/your-project/locations/global/keyRings/sops/cryptoKeys/sops-encryption-key: FAILED - | Error decrypting key: googleapi: Error 403: Permission | 'cloudkms.cryptoKeyVersions.useToDecrypt' denied on resource | 'projects/your-project/locations/global/keyRings/sops/cryptoKeys/sops-encryption-key' | (or it may not exist)., forbidden Recovery failed because no master key was able to decrypt the file. In order for SOPS to recover the file, at least one key has to be successful, but none were. Solution: Cloud KMS CryptoKey Encrypter/Decrypter
Related
See also
- SOPS,
sops | sops -d | sops -e | sops exec-env | sops exec-file | sops publish | sops keyservice | sops groups | sops updatekeys | sops --help - SOPS: Secrets OPerationS,
sops, GCP,ENC[AES256_GCM, sops-secrets-operator
Advertising:
