CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 2
Code Issues 8 Pull requests 7 Wiki Activity Actions

only allow sops encryption of *.sops.* files #69

Merged
lilly merged 1 commit from only-encrypt-sops-files-with-sops into main 2026-03-06 20:21:58 +01:00
Conversation 5 Commits 1 Files changed 1 +30 -30
lilly commented 2026-03-05 20:24:19 +01:00
Owner
Copy link

This prevents users from accidentally encrypting any file with sops because only creation rules for e.g. something.sops.yaml exist now. It also documents explicitly that all our sops files have this .sops. marker.

This prevents users from accidentally encrypting any file with sops because only creation rules for e.g. `something.sops.yaml` exist now. It also documents explicitly that all our sops files have this `.sops.` marker.
lilly self-assigned this 2026-03-05 20:24:19 +01:00
only allow sops encryption of *.sops.* files
Some checks failed
/ Ansible Lint (pull_request) Has been cancelled
Details
/ Ansible Lint (push) Has been cancelled
Details
7f80bb5e7c
lilly force-pushed only-encrypt-sops-files-with-sops from 7f80bb5e7c
Some checks failed
/ Ansible Lint (pull_request) Has been cancelled
Details
/ Ansible Lint (push) Has been cancelled
Details
to cafdb1aa30
All checks were successful
/ Ansible Lint (push) Successful in 7m12s
Details
/ Ansible Lint (pull_request) Successful in 18m12s
Details
2026-03-05 20:32:20 +01:00 Compare
june requested changes 2026-03-06 19:11:03 +01:00
Dismissed
june left a comment
Owner
Copy link

Running sops edit on a file (invalid or valid, just not existing yet), returns:

can not compile regexp: error parsing regexp: invalid nested repetition operator: `**`
Running `sops edit` on a file (invalid or valid, just not existing yet), returns: ``` can not compile regexp: error parsing regexp: invalid nested repetition operator: `**` ```
lilly force-pushed only-encrypt-sops-files-with-sops from cafdb1aa30
All checks were successful
/ Ansible Lint (push) Successful in 7m12s
Details
/ Ansible Lint (pull_request) Successful in 18m12s
Details
to 99365d06b2
All checks were successful
/ Ansible Lint (push) Successful in 3m8s
Details
/ Ansible Lint (pull_request) Successful in 3m32s
Details
2026-03-06 19:51:45 +01:00 Compare
lilly commented 2026-03-06 19:52:13 +01:00
Author
Owner
Copy link

@june wrote in #69 (comment):

Running sops edit on a file (invalid or valid, just not existing yet), returns:

can not compile regexp: error parsing regexp: invalid nested repetition operator: `**`

ahh yes that was leftover from when I accidentally interpreted it as glob. should be fixed now

@june wrote in https://git.hamburg.ccc.de/CCCHH/ansible-infra/pulls/69#issuecomment-3640: > Running `sops edit` on a file (invalid or valid, just not existing yet), returns: > > ```text > can not compile regexp: error parsing regexp: invalid nested repetition operator: `**` > ``` ahh yes that was leftover from when I accidentally interpreted it as glob. should be fixed now
👍 1
june requested changes 2026-03-06 20:01:41 +01:00
Dismissed
june left a comment
Owner
Copy link

Ah, now I correctly can't create invalid files with sops, but also no valid ones either. Both error with:

error loading config: no matching creation rules found
Ah, now I correctly can't create invalid files with sops, but also no valid ones either. Both error with: ``` error loading config: no matching creation rules found ```
lilly force-pushed only-encrypt-sops-files-with-sops from 99365d06b2
All checks were successful
/ Ansible Lint (push) Successful in 3m8s
Details
/ Ansible Lint (pull_request) Successful in 3m32s
Details
to a1891a9988
Some checks failed
/ Ansible Lint (pull_request) Successful in 3m20s
Details
/ Ansible Lint (push) Has been cancelled
Details
2026-03-06 20:10:23 +01:00 Compare
lilly commented 2026-03-06 20:10:57 +01:00
Author
Owner
Copy link

@june wrote in #69 (comment):

Ah, now I correctly can't create invalid files with sops, but also no valid ones either. Both error with:

error loading config: no matching creation rules found

this will now serve as my personal reminder to always quote YAML strings…
works now. for real for real.

@june wrote in https://git.hamburg.ccc.de/CCCHH/ansible-infra/pulls/69#issuecomment-3662: > Ah, now I correctly can't create invalid files with sops, but also no valid ones either. Both error with: > > ```text > error loading config: no matching creation rules found > ``` this will now serve as my personal reminder to always quote YAML strings… works now. for real for real.
❤️ 1
june approved these changes 2026-03-06 20:19:17 +01:00
june left a comment
Owner
Copy link

Works now, very nice!!

Works now, very nice!!
lilly force-pushed only-encrypt-sops-files-with-sops from a1891a9988
Some checks failed
/ Ansible Lint (pull_request) Successful in 3m20s
Details
/ Ansible Lint (push) Has been cancelled
Details
to 0788fde69d
All checks were successful
/ Ansible Lint (pull_request) Successful in 2m31s
Details
/ Ansible Lint (push) Successful in 13m55s
Details
2026-03-06 20:21:34 +01:00 Compare
lilly merged commit 0788fde69d into main 2026-03-06 20:21:58 +01:00
lilly deleted branch only-encrypt-sops-files-with-sops 2026-03-06 20:21:58 +01:00
Sign in to join this conversation.
Reviewers
No reviewers
june
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
renovate

Created automatically by Renovate.

  
waiting on upstream

Waiting on upstream until this can be merged.

  
wontfix

This won't be fixed

No labels
bug
duplicate
enhancement
help wanted
invalid
question
renovate
waiting on upstream
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
lilly
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
CCCHH/ansible-infra!69
No description provided.