Features:
- Add support for --unencrypted-regex (#715)
Changes:
- Use keys.openpgp.org instead of gpg.mozilla.org (#732)
- Upgrade AWS SDK version (#714)
- Support --input-type for exec-file (#699)
Bug fixes:
Features:
- Support for encrypting data through the use of Hashicorp Vault (#655)
- `sops publish` now supports `--recursive` flag for publishing all files in a directory (#602)
- `sops publish` now supports `--omit-extensions` flag for omitting the extension in the destination path (#602)
- sops now supports JSON arrays of arrays (#642)
Improvements:
- Updates and standardization for the dotenv store (#612, #622)
- Close temp files after using them for edit command (#685)
Bug fixes:
- AWS SDK usage now correctly resolves the `~/.aws/config` file (#680)
- `sops updatekeys` now correctly matches config rules (#682)
- `sops updatekeys` now correctly uses the config path cli flag (#672)
- Partially empty sops config files don't break the use of sops anymore (#662)
- Fix possible infinite loop in PGP's passphrase prompt call (#690)
Project changes:
Features:
* `sops exec-env` and `sops exec-file`, two new commands for utilizing sops secrets within a temporary file or env vars
Bug fixes:
* Sanitize AWS STS session name, as sops creates it based off of the machine's hostname
* Fix for `decrypt.Data` to support `.ini` files
* Various package fixes related to switching to Go Modules
* Fixes for Vault-related tests running locally and in CI.
Project changes:
* Change to proper use of go modules, changing the primary module name to `go.mozilla.org/sops/v3`
* Change tags to require a `v` prefix.
* Add documentation for `sops updatekeys` command
Features:
- `sops publish`, a new command for publishing sops encrypted secrets to S3, GCS, or Hashicorp Vault
- Support for multiple Azure authentication mechanisms
- Azure Keyvault support to the sops config file
- `encrypted_regex` option to the sops config file
Bug fixes:
- Return non-zero exit code for invalid CLI flags
- Broken path handling for sops editing on Windows
- `go lint/fmt` violations
- Check for pgp fingerprint before slicing it
Project changes:
- Build container using golang 1.12
- Switch to using go modules
- Hashicorp Vault server in Travis CI build
- Mozilla Public License file to repo
- Replaced expiring test gpg keys
Bug fixes:
- Make sure the pgp key fingerprint is longer than 16 characters before slicing it. (#463)
- Allow for `--set` value to be a string. (#461)
Project changes:
- Using `develop` as a staging branch to create releases off of. What is in `master` is now the current stable release.
- Upgrade to using Go 1.12 to build sops
- Updated all vendored packages
New features:
- Multi-document support for YAML files
- Support referencing AWS KMS keys by their alias
- Support for INI files
- Support for AWS CLI profiles
- Comment support in .env files
- Added vi to the list of known editors
- Added a way to specify the GPG key server to use through the SOPS_GPG_KEYSERVER environment variable
Bug fixes:
- Now uses $HOME instead of ~ (which didn't work) to find the GPG home
- Fix panic when vim was not available as an editor, but other alternative editors were
- Fix issue with AWS KMS Encryption Contexts (#445) with more than one context value failing to decrypt intermittently. Includes an automatic fix for old files affected by this issue.
Project infrastructure changes:
- Added integration tests for AWS KMS
- Added Code of Conduct
mozcloudsec released this
Release 3.2.0
mozcloudsec released this
* Fix incorrect version number from previous release
mozcloudsec released this
* Add support for Azure Key Service
* Fix bug that prevented JSON escapes in input files from working

