sops
This module provides functionality for working with [Mozilla SOPS](https://github.com/getsops/sops)in a Dagger pipeline. It supports generating AGE keys, encrypting and decrypting files.
Files are mounted into a container and processed using the `sops` CLI tool.
Functions:
- GenerateAgeKey: Generates a new AGE key pair
- GenerateSopsConfig: Generates a .sops.yaml configuration file
- Encrypt: Encrypts a plaintext file using SOPS with an AGE key
- Decrypt: Decrypts a SOPS-encrypted file and returns the decrypted file
Installation
dagger install github.com/stuttgart-things/dagger/sops@v0.74.0Entrypoint
Return Type
SopsExample
dagger -m github.com/stuttgart-things/dagger/sops@53a955312c5fc74b04edf1dc4f12831e5177b118 call \
func (m *MyModule) Example() *dagger.Sops {
return dag.
Sops()
}@function
def example() -> dagger.Sops:
return (
dag.sops()
)@func()
example(): Sops {
return dag
.sops()
}Types
Sops 🔗
baseImage() 🔗
Return Type
String !Example
dagger -m github.com/stuttgart-things/dagger/sops@53a955312c5fc74b04edf1dc4f12831e5177b118 call \
base-imagefunc (m *MyModule) Example(ctx context.Context) string {
return dag.
Sops().
BaseImage(ctx)
}@function
async def example() -> str:
return await (
dag.sops()
.base_image()
)@func()
async example(): Promise<string> {
return dag
.sops()
.baseImage()
}generateSopsConfig() 🔗
GenerateSopsConfig generates a .sops.yaml configuration file with creation rules for the given AGE key. The fileExtensions parameter accepts a comma-separated list of extensions (e.g., “yaml,json,env”). If not provided, defaults to “yaml,json”.
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| agePublicKey | String ! | - | No description provided |
| fileExtensions | String | - | No description provided |
Example
dagger -m github.com/stuttgart-things/dagger/sops@53a955312c5fc74b04edf1dc4f12831e5177b118 call \
generate-sops-config --age-public-key stringfunc (m *MyModule) Example(agePublicKey string) *dagger.File {
return dag.
Sops().
GenerateSopsConfig(agePublicKey)
}@function
def example(age_public_key: str) -> dagger.File:
return (
dag.sops()
.generate_sops_config(age_public_key)
)@func()
example(agePublicKey: string): File {
return dag
.sops()
.generateSopsConfig(agePublicKey)
}encrypt() 🔗
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| ageKey | Secret ! | - | No description provided |
| plaintextFile | File ! | - | No description provided |
| fileExtension | String ! | - | e.g., "yaml", "json", "env" |
| sopsConfig | File ! | - | Optional: ~/.sops.yaml config file |
Example
dagger -m github.com/stuttgart-things/dagger/sops@53a955312c5fc74b04edf1dc4f12831e5177b118 call \
encrypt --age-key env:MYSECRET --plaintext-file file:path --file-extension string --sops-config file:pathfunc (m *MyModule) Example(ageKey *dagger.Secret, plaintextFile *dagger.File, fileExtension string, sopsConfig *dagger.File) *dagger.File {
return dag.
Sops().
Encrypt(ageKey, plaintextFile, fileExtension, sopsConfig)
}@function
def example(age_key: dagger.Secret, plaintext_file: dagger.File, file_extension: str, sops_config: dagger.File) -> dagger.File:
return (
dag.sops()
.encrypt(age_key, plaintext_file, file_extension, sops_config)
)@func()
example(ageKey: Secret, plaintextFile: File, fileExtension: string, sopsConfig: File): File {
return dag
.sops()
.encrypt(ageKey, plaintextFile, fileExtension, sopsConfig)
}generateAgeKey() 🔗
GenerateAgeKey generates a new AGE key pair using age-keygen. Returns the key file containing both the public key (in a comment) and the private key.
Return Type
File !Example
dagger -m github.com/stuttgart-things/dagger/sops@53a955312c5fc74b04edf1dc4f12831e5177b118 call \
generate-age-keyfunc (m *MyModule) Example() *dagger.File {
return dag.
Sops().
GenerateAgeKey()
}@function
def example() -> dagger.File:
return (
dag.sops()
.generate_age_key()
)@func()
example(): File {
return dag
.sops()
.generateAgeKey()
}decrypt() 🔗
Decrypt decrypts a SOPS-encrypted file using an AGE key. Returns the decrypted file.
Return Type
File !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| sopsKey | Secret ! | - | No description provided |
| encryptedFile | File ! | - | No description provided |
Example
dagger -m github.com/stuttgart-things/dagger/sops@53a955312c5fc74b04edf1dc4f12831e5177b118 call \
decrypt --sops-key env:MYSECRET --encrypted-file file:pathfunc (m *MyModule) Example(sopsKey *dagger.Secret, encryptedFile *dagger.File) *dagger.File {
return dag.
Sops().
Decrypt(sopsKey, encryptedFile)
}@function
def example(sops_key: dagger.Secret, encrypted_file: dagger.File) -> dagger.File:
return (
dag.sops()
.decrypt(sops_key, encrypted_file)
)@func()
example(sopsKey: Secret, encryptedFile: File): File {
return dag
.sops()
.decrypt(sopsKey, encryptedFile)
}