Replies: 1 comment
-
|
I don't think sops has explicit Autokey support yet. Autokey is a wrapper around standard Cloud KMS — it automatically creates and manages keys for you, but the underlying encryption still uses regular KMS key resources. Since sops already supports Google Cloud KMS, you should be able to use an Autokey-managed key by referencing its resource name once it's been created. The key resource name would look the same as any other Cloud KMS key: So in your creation_rules:
- gcp_kms: projects/my-project/locations/global/keyRings/autokey-ring/cryptoKeys/autokey-keyThe main difference with Autokey is that you don't create the key manually — Google creates it for you based on your Autokey configuration. But from sops' perspective, it's just a regular KMS key. If Autokey creates keys dynamically per-resource, you'd need to know the key name upfront to configure sops, which might not align with how Autokey is designed to be used. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hey everyone,
does SOPS also support Google Cloud KMS Autokey somehow?
Beta Was this translation helpful? Give feedback.
All reactions