intellij-sops-plugin's People

Contributors: daputzy, ybasket

intellij-sops-plugin's Issues

RuntimeException: Could not get document for file

java.lang.RuntimeException: Cannot invoke (class=, method=fileClosed, topic=FileEditorManagerListener)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeListener(MessageBusImpl.kt:639)
	at com.intellij.util.messages.impl.MessageBusImplKt.deliverMessage(MessageBusImpl.kt:395)
	at com.intellij.util.messages.impl.MessageBusImplKt.pumpWaiting(MessageBusImpl.kt:374)
	at com.intellij.util.messages.impl.MessageBusImplKt.access$pumpWaiting(MessageBusImpl.kt:1)
	at com.intellij.util.messages.impl.MessagePublisher.invoke(MessageBusImpl.kt:433)
	at jdk.proxy1/jdk.proxy1.$Proxy123.fileClosed(Unknown Source)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$lambda$11$lambda$10(EditorWindow.kt:582)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl$7.lambda$run$0(FileEditorManagerImpl.java:1252)
	at com.intellij.openapi.util.ExpirableRunnable$1.run(ExpirableRunnable.java:17)
	at com.intellij.openapi.wm.impl.FocusManagerImpl.lambda$doWhenFocusSettlesDown$3(FocusManagerImpl.java:173)
	at com.intellij.util.ui.EdtInvocationManager.invokeLaterIfNeeded(EdtInvocationManager.java:33)
	at com.intellij.ide.IdeEventQueue.ifFocusEventsInTheQueue(IdeEventQueue.java:176)
	at com.intellij.ide.IdeEventQueue.executeWhenAllFocusEventsLeftTheQueue(IdeEventQueue.java:129)
	at com.intellij.openapi.wm.impl.FocusManagerImpl.doWhenFocusSettlesDown(FocusManagerImpl.java:169)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl$7.run(FileEditorManagerImpl.java:1251)
	at com.intellij.openapi.util.BusyObject$Impl$Simple.execute(BusyObject.java:105)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.notifyPublisher(FileEditorManagerImpl.java:1248)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$lambda$11(EditorWindow.kt:578)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.runBulkTabChange(FileEditorManagerImpl.java:1904)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile(EditorWindow.kt:538)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.lambda$closeFile$5(FileEditorManagerImpl.java:706)
	at com.intellij.openapi.command.impl.CoreCommandProcessor.executeCommand(CoreCommandProcessor.java:219)
	at com.intellij.openapi.command.impl.CoreCommandProcessor.executeCommand(CoreCommandProcessor.java:174)
	at com.intellij.openapi.command.impl.CoreCommandProcessor.executeCommand(CoreCommandProcessor.java:164)
	at com.intellij.openapi.command.impl.CoreCommandProcessor.executeCommand(CoreCommandProcessor.java:150)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.closeFile(FileEditorManagerImpl.java:704)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.closeFile(FileEditorManagerImpl.java:714)
	at com.intellij.openapi.fileEditor.impl.EditorTabbedContainer$TabMouseListener.mouseReleased(EditorTabbedContainer.java:372)
	at java.desktop/java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:298)
	at java.desktop/java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:297)
	at java.desktop/java.awt.Component.processMouseEvent(Component.java:6648)
	at java.desktop/javax.swing.JComponent.processMouseEvent(JComponent.java:3392)
	at java.desktop/java.awt.Component.processEvent(Component.java:6413)
	at java.desktop/java.awt.Container.processEvent(Container.java:2266)
	at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5022)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4854)
	at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4948)
	at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4575)
	at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4516)
	at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
	at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2802)
	at java.desktop/java.awt.Component.dispatchEvent(Component.java:4854)
	at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:781)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:730)
	at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:724)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:754)
	at java.desktop/java.awt.EventQueue$5.run(EventQueue.java:752)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
	at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:751)
	at com.intellij.ide.IdeEventQueue.defaultDispatchEvent(IdeEventQueue.java:909)
	at com.intellij.ide.IdeEventQueue.dispatchMouseEvent(IdeEventQueue.java:831)
	at com.intellij.ide.IdeEventQueue._dispatchEvent(IdeEventQueue.java:753)
	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$5(IdeEventQueue.java:437)
	at com.intellij.openapi.progress.impl.CoreProgressManager.computePrioritized(CoreProgressManager.java:787)
	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$6(IdeEventQueue.java:436)
	at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:113)
	at com.intellij.ide.IdeEventQueue.performActivity(IdeEventQueue.java:615)
	at com.intellij.ide.IdeEventQueue.lambda$dispatchEvent$7(IdeEventQueue.java:434)
	at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:838)
	at com.intellij.ide.IdeEventQueue.dispatchEvent(IdeEventQueue.java:480)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:207)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:92)
Caused by: java.lang.RuntimeException: Could not get document for file
	at com.github.daputzy.intellijsopsplugin.FileUtil.getDocument(FileUtil.java:27)
	at com.github.daputzy.intellijsopsplugin.EditActionHandler$1.fileClosed(EditActionHandler.java:35)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeMethod(MessageBusImpl.kt:655)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeListener(MessageBusImpl.kt:621)
	... 70 more

Compatibility with sops (and age) via aqua utility

Hello,
I'm using CLI package manager aqua.
This tool allows defining tools (and their associated versions) within a repository. Aqua then functions as a command proxy, so depending on the folder from which a command is launched, if aqua manages it, it uses the binary of the version specified in the configuration file.
However, if executed from a location (none of the parent folders have an aqua configuration file), it cannot find the command. The $PATH environment variable must also include the path to the proxified binaries:
export PATH="${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH"

Looking at the source code of this plugin, it seems that it navigates to the folder containing the file to decrypt, and it appears to pass the parent environment variables. These two elements should enable the plugin to work with aqua. However, I'm not sure if that's really the case, and I don't know how to debug the plugin.

To test it:
Install aqua:

# Aqua installation 
curl -sSL -o /tmp/aqua.tar.gz https://github.com/aquaproj/aqua/releases/download/v2.21.3/aqua_linux_amd64.tar.gz && /bin/tar -xzf /tmp/aqua.tar.gz -C /tmp && chmod 0755 /tmp/aqua && sudo chown root:root /tmp/aqua && sudo mv /tmp/aqua ${aqua_install_path}/aqua && rm -f /tmp/aqua.tar.gz /tmp/aqua

# Env var (add it to bashrc if needed)
export PATH="${AQUA_ROOT_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/aquaproj-aqua}/bin:$PATH" 

# Prepare Test Directory
mkdir $HOME/test-sops && cd $HOME/test-sops

# Generate and install aqua tools sops and age
aqua init && aqua g FiloSottile/age getsops/sops >> aqua.yaml && aqua i

# Show Version tools
sops --version
# Show sops 3.8.1 (latest)
age --version
# Show v1.1.1

cd ..
sops --version 
# show : FATA[0000] aqua failed                                   aqua_version=2.21.3 doc="https://aquaproj.github.io/docs/reference/codes/004" env=linux/amd64 error="command is not found" exe_name=sops program=aqua

age --version 
# show: FATA[0000] aqua failed                                   aqua_version=2.21.3 doc="https://aquaproj.github.io/docs/reference/codes/004" env=linux/amd64 error="command is not found" exe_name=age program=aqua

You just need to add your .sops.yaml to directory $HOME/test-sops and generate an age key if needed.

You can now encrypt a file with the sops command from the $HOME/test-sops directory via the command line.
But you can't with your plugin.
Can you please take a look at this?

Can a function key be assigned to the "Edit" link?

This is a very helpful little plugin, thanks for that.

I was wondering if it would be possible to assign a shortcut key to the "Edit" link in the notification bar? It's easier to press a few keys than hitting a small link in the upper right of the IDE (at least for me).

secrets.yaml not detected as SOPS file (again)

Hi,

I'm using sops to encrypt secrets.yaml file used when specifying values for helmfile releases. I'm using sops command line directly to edit encrypted files like this:

EDITOR=kwrite sops /path/to/secrets.yaml

...and this works. But since I'm using IDEA to edit other files, I wanted to try this plugin. It doesn't detect the secrets.yaml file to be SOPS encrypted file and doesn't show the status line with a link to "Edit" it in decrypted form. The encrypted file structure does contain the following at the end:

sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2023-07-07T14:22:35Z"
    mac: ENC[...redacted...]
    pgp:
        - created_at: "2023-06-13T15:47:51Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----
               ...redacted...
            -----END PGP MESSAGE-----
          fp: ...redacted...
    unencrypted_suffix: _unencrypted
    version: 3.7.3

Somewhere I read that users put a .sops.yaml file in the project's root folder. I don't have such file. I added an empty .sops.yaml file into project's root folder and the plugin then recognized the SOPS encrypted file and allowed me to start editing it in decrypted form. But when saving the modified decrypted tab and upon closing it, I get the following error and original file is left intact:

Sops error
config file not found and no keys provided through command line options

Should I put some content into .sops.yaml file in the project's root and what? I didn't need that file for editing encrypted files using sops command line directly.

sops-plugin does not work

java.lang.RuntimeException: Could not execute sops command
at com.github.daputzy.intellijsopsplugin.sops.ExecutionUtil.run(ExecutionUtil.java:122)
at com.github.daputzy.intellijsopsplugin.sops.ExecutionUtil.decrypt(ExecutionUtil.java:46)
at com.github.daputzy.intellijsopsplugin.handler.EditActionHandler.handle(EditActionHandler.java:23)
at com.intellij.ui.EditorNotificationPanel$6.handlePanelActionClick(EditorNotificationPanel.java:442)
at com.intellij.ui.EditorNotificationPanel$ActionHyperlinkLabel$1.hyperlinkActivated(EditorNotificationPanel.java:487)
at com.intellij.ui.HyperlinkAdapter.hyperlinkUpdate(HyperlinkAdapter.java:14)
at com.intellij.ui.HyperlinkLabel.fireHyperlinkEvent(HyperlinkLabel.java:242)
at com.intellij.ui.HyperlinkLabel.processMouseEvent(HyperlinkLabel.java:164)
at java.desktop/java.awt.Component.processEvent(Component.java:6422)
at java.desktop/java.awt.Container.processEvent(Container.java:2266)
at java.desktop/java.awt.Component.dispatchEventImpl(Component.java:5027)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2324)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4855)
at java.desktop/java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4954)
at java.desktop/java.awt.LightweightDispatcher.processMouseEvent(Container.java:4581)
at java.desktop/java.awt.LightweightDispatcher.dispatchEvent(Container.java:4522)
at java.desktop/java.awt.Container.dispatchEventImpl(Container.java:2310)
at java.desktop/java.awt.Window.dispatchEventImpl(Window.java:2808)
at java.desktop/java.awt.Component.dispatchEvent(Component.java:4855)
at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:794)
at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:739)
at java.desktop/java.awt.EventQueue$3.run(EventQueue.java:733)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:97)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:766)
at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:764)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:86)
at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:763)
at com.intellij.ide.IdeEventQueue.defaultDispatchEvent(IdeEventQueue.kt:690)
at com.intellij.ide.IdeEventQueue.dispatchMouseEvent(IdeEventQueue.kt:638)
at com.intellij.ide.IdeEventQueue._dispatchEvent(IdeEventQueue.kt:592)
at com.intellij.ide.IdeEventQueue.access$_dispatchEvent(IdeEventQueue.kt:67)
at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1$1.compute(IdeEventQueue.kt:369)
at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1$1.compute(IdeEventQueue.kt:368)
at com.intellij.openapi.progress.impl.CoreProgressManager.computePrioritized(CoreProgressManager.java:787)
at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1.invoke(IdeEventQueue.kt:368)
at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1.invoke(IdeEventQueue.kt:363)
at com.intellij.ide.IdeEventQueueKt.performActivity$lambda$1(IdeEventQueue.kt:997)
at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:113)
at com.intellij.ide.IdeEventQueueKt.performActivity(IdeEventQueue.kt:997)
at com.intellij.ide.IdeEventQueue.dispatchEvent$lambda$7(IdeEventQueue.kt:363)
at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:861)
at com.intellij.ide.IdeEventQueue.dispatchEvent(IdeEventQueue.kt:405)
at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:207)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128)
at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113)
at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105)
at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:92)
Caused by: com.intellij.execution.process.ProcessNotCreatedException: Cannot run program "sops" (in directory "/home/work/Develop/fleet-infra-k3s/services/overlays/codeinside-k3s/runix-pgadmin4"): error=2, Нет такого файла или каталога
at com.intellij.execution.configurations.GeneralCommandLine.createProcess(GeneralCommandLine.java:356)
at com.intellij.execution.process.OSProcessHandler.startProcess(OSProcessHandler.java:84)
at com.intellij.execution.process.OSProcessHandler.<init>(OSProcessHandler.java:44)
at com.github.daputzy.intellijsopsplugin.sops.ExecutionUtil.run(ExecutionUtil.java:120)
... 50 more
Caused by: java.io.IOException: Cannot run program "sops" (in directory "/home/work/Develop/fleet-infra-k3s/services/overlays/codeinside-k3s/runix-pgadmin4"): error=2, Нет такого файла или каталога
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1143)
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1073)
at com.intellij.execution.configurations.GeneralCommandLine.startProcess(GeneralCommandLine.java:432)
at com.intellij.execution.configurations.GeneralCommandLine.createProcess(GeneralCommandLine.java:346)
... 53 more
Caused by: java.io.IOException: error=2, Нет такого файла или каталога
at java.base/java.lang.ProcessImpl.forkAndExec(Native Method)
at java.base/java.lang.ProcessImpl.<init>(ProcessImpl.java:314)
at java.base/java.lang.ProcessImpl.start(ProcessImpl.java:244)
at java.base/java.lang.ProcessBuilder.start(ProcessBuilder.java:1110)
... 56 more

All encrypted values are re-generated upon edit, resulting in noisy diffs

Hello, first of all thank you for creating this useful tool!

I've noticed that whenever a file is modified, all encrypted values are re-generated. This is an issue as it makes it very difficult to read diffs - in larger files it looks like a lot of values have changed when potentially only one has.

Here's an example:

  1. Create .sops.yaml with the following contents:

      creation_rules:
            # ...
            encrypted_regex: (secret)

  2. Create my-sops-file.yaml containing the following, then commit:

      secret_1: I am a secret
      secret_2: I am another secret

  3. Edit the file with Simple SOPS Edit:

      secret_1: I am a modified secret
      secret_2: I am another secret

Running git diff shows both values have changed:

$ git diff

--- a/my-sops-file.yaml
+++ b/my-sops-file.yaml

-secret_1: ENC[AES256_GCM,data:IYTZHhoAPR1j(...)
-secret_2: ENC[AES256_GCM,data:DMavDgjPhCT9(...)
+secret_1: ENC[AES256_GCM,data:rvvSNsNN8r4a(...)
+secret_2: ENC[AES256_GCM,data:bDEzI/57Jh5u(...)

(...)

If I do the same with sops directly, I only see secret_1's value updated as I would expect. I don't think SOPS is intended to be used in a non-interactive way (sops -d -> edit -> sops -e), which causes the problem here.

Got stacktrace probably correlated with unencrypted editor is not properly replaced with encrypted at save.

I got this internal error in IntelliJ. I have the make-readonly attribute set and the file cannot be written to on disk (not sure if that is related to this but I had to edit manually outside of IntelliJ). This is on Ubuntu 23.10.

java.lang.RuntimeException: Cannot invoke (class=, method=fileClosed, topic=FileEditorManagerListener)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeListener(MessageBusImpl.kt:676)
	at com.intellij.util.messages.impl.MessageBusImplKt.deliverMessage(MessageBusImpl.kt:422)
	at com.intellij.util.messages.impl.MessageBusImplKt.pumpWaiting(MessageBusImpl.kt:401)
	at com.intellij.util.messages.impl.MessageBusImplKt.access$pumpWaiting(MessageBusImpl.kt:1)
	at com.intellij.util.messages.impl.MessagePublisher.invoke(MessageBusImpl.kt:460)
	at jdk.proxy2/jdk.proxy2.$Proxy60.fileClosed(Unknown Source)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$lambda$8$lambda$7(EditorWindow.kt:595)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.notifyPublisher(FileEditorManagerImpl.kt:1221)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$intellij_platform_ide_impl(EditorWindow.kt:592)
	at com.intellij.openapi.fileEditor.impl.EditorWindow.closeFile$intellij_platform_ide_impl$default(EditorWindow.kt:553)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.closeFile$intellij_platform_ide_impl(FileEditorManagerImpl.kt:699)
	at com.intellij.openapi.fileEditor.impl.FileEditorManagerImpl.closeFile(FileEditorManagerImpl.kt:720)
	at com.intellij.openapi.fileEditor.impl.tabActions.CloseTab.actionPerformed(CloseTab.kt:101)
	at com.intellij.openapi.actionSystem.ex.ActionUtil.doPerformActionOrShowPopup(ActionUtil.java:339)
	at com.intellij.openapi.keymap.impl.ActionProcessor.performAction(ActionProcessor.java:47)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher$myActionProcessor$1.performAction(IdeKeyEventDispatcher.kt:502)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcherKt.doPerformActionInner$lambda$5$lambda$4(IdeKeyEventDispatcher.kt:865)
	at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:105)
	at com.intellij.openapi.application.TransactionGuardImpl.performUserActivity(TransactionGuardImpl.java:94)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcherKt.doPerformActionInner$lambda$5(IdeKeyEventDispatcher.kt:865)
	at com.intellij.openapi.actionSystem.ex.ActionUtil.performDumbAwareWithCallbacks(ActionUtil.java:362)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcherKt.doPerformActionInner(IdeKeyEventDispatcher.kt:863)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcherKt.access$doPerformActionInner(IdeKeyEventDispatcher.kt:1)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.processAction$intellij_platform_ide_impl(IdeKeyEventDispatcher.kt:587)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.processAction(IdeKeyEventDispatcher.kt:513)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.processActionOrWaitSecondStroke(IdeKeyEventDispatcher.kt:454)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.inInitState(IdeKeyEventDispatcher.kt:447)
	at com.intellij.openapi.keymap.impl.IdeKeyEventDispatcher.dispatchKeyEvent(IdeKeyEventDispatcher.kt:309)
	at com.intellij.ide.IdeEventQueue.dispatchKeyEvent(IdeEventQueue.kt:622)
	at com.intellij.ide.IdeEventQueue._dispatchEvent(IdeEventQueue.kt:591)
	at com.intellij.ide.IdeEventQueue.access$_dispatchEvent(IdeEventQueue.kt:67)
	at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1$1.compute(IdeEventQueue.kt:369)
	at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1$1.compute(IdeEventQueue.kt:368)
	at com.intellij.openapi.progress.impl.CoreProgressManager.computePrioritized(CoreProgressManager.java:787)
	at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1.invoke(IdeEventQueue.kt:368)
	at com.intellij.ide.IdeEventQueue$dispatchEvent$processEventRunnable$1$1.invoke(IdeEventQueue.kt:363)
	at com.intellij.ide.IdeEventQueueKt.performActivity$lambda$1(IdeEventQueue.kt:997)
	at com.intellij.openapi.application.TransactionGuardImpl.performActivity(TransactionGuardImpl.java:113)
	at com.intellij.ide.IdeEventQueueKt.performActivity(IdeEventQueue.kt:997)
	at com.intellij.ide.IdeEventQueue.dispatchEvent$lambda$7(IdeEventQueue.kt:363)
	at com.intellij.openapi.application.impl.ApplicationImpl.runIntendedWriteActionOnCurrentThread(ApplicationImpl.java:861)
	at com.intellij.ide.IdeEventQueue.dispatchEvent(IdeEventQueue.kt:405)
	at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:207)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:128)
	at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:117)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:113)
	at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:105)
	at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:92)
Caused by: java.lang.RuntimeException: Could not write content to file
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.lambda$writeContentBlocking$3(FileUtil.java:49)
	at com.intellij.openapi.application.impl.ApplicationImpl.invokeAndWait(ApplicationImpl.java:458)
	at com.intellij.openapi.application.impl.ApplicationImpl.invokeAndWait(ApplicationImpl.java:490)
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.writeContentBlocking(FileUtil.java:45)
	at com.github.daputzy.intellijsopsplugin.handler.EditActionHandler$1.fileClosed(EditActionHandler.java:46)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeMethod(MessageBusImpl.kt:699)
	at com.intellij.util.messages.impl.MessageBusImplKt.invokeListener(MessageBusImpl.kt:659)
	... 47 more
Caused by: java.nio.file.AccessDeniedException: /home/REDACTED-secrets.enc.yaml
	at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)
	at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
	at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:218)
	at java.base/java.nio.file.spi.FileSystemProvider.newOutputStream(FileSystemProvider.java:484)
	at java.base/java.nio.file.Files.newOutputStream(Files.java:228)
	at com.intellij.openapi.vfs.impl.local.LocalFileSystemBase.getOutputStream(LocalFileSystemBase.java:523)
	at com.intellij.openapi.vfs.newvfs.persistent.PersistentFSImpl$3.close(PersistentFSImpl.java:859)
	at com.intellij.openapi.vfs.newvfs.impl.VirtualFileImpl.setBinaryContent(VirtualFileImpl.java:157)
	at com.intellij.openapi.vfs.VirtualFile.setBinaryContent(VirtualFile.java:561)
	at com.intellij.openapi.vfs.VirtualFile.setBinaryContent(VirtualFile.java:557)
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.lambda$writeContentBlocking$2(FileUtil.java:43)
	at com.intellij.openapi.application.WriteAction.lambda$runAndWait$2(WriteAction.java:116)
	at com.intellij.openapi.application.impl.ApplicationImpl.runWriteActionWithClass(ApplicationImpl.java:980)
	at com.intellij.openapi.application.impl.ApplicationImpl.runWriteAction(ApplicationImpl.java:1006)
	at com.intellij.openapi.application.WriteAction.computeAndWait(WriteAction.java:135)
	at com.intellij.openapi.application.WriteAction.computeAndWait(WriteAction.java:129)
	at com.intellij.openapi.application.WriteAction.runAndWait(WriteAction.java:115)
	at com.github.daputzy.intellijsopsplugin.file.FileUtil.lambda$writeContentBlocking$3(FileUtil.java:47)
	... 53 more

Feature Request: Support for environmental variables

I'm learning SOPS with Age and while your extension is great, I have a hard time setting the SOPS_AGE_KEY_FILE env var to point SOPS to a different Age key file. It would be nice if this was configurable in the extension. Since SOPS_AGE_KEY_FILE is specific to Age, general support for env vars would be awesome!

Note: Currently I have to set the env var on the command line when I start IDEA (and others) using their script. Starting it from the JetBrains Toolbox does not work (unless the env var is set in ~/.bashrc). I'm using Linux with KDE.

Executing `idea` issue in MacOS

Hi! Great effort with this new plugin :)

Unfortunately, it's not working for me. Error is attached.

image

sops <filename> works if I'm running it from terminal and I can edit the file.

Kind regards,
Alen

Error when storing changes to encrypted file using AWS SSO and AWS profiles

Hey there!

Thank you for this neat tool. I'm facing an issue with our current AWS SSO setup and saving an encrypted file back with Simple SOPS. It then says:

Could not generate data key: [failed to encrypt new data key with master key "arn:aws:kms:xxx:xxx:key/xxx": Failed to call KMS encryption service: NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors]

I'm storing the AWS_PROFILE within the encrypted file under

sops:
  kms:
    - arn: xxx
      created_at: xxx
      enc: xxx
      aws_profile: "PROFILE_NAME"

Maybe it's because the aws_profile gets lost on the way of re-encrypting the encrypted file? Or maybe I am missing something here? When using SOPS in the IntelliJ's terminal window, it all works.

Any help is appreciated!

Widura

Partial encryption not supported

When using --encrypted-suffix or --encrypted-regex for the initial encryption, the settings are not used after editing a file.

Example file:

replicaCount: 1
image:
    repository: mergermarket/404
    pullPolicy: Always
    tag: latest
secrets:
    PASSWORD: ENC[AES256_GCM,data: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,iv:adWp0vpcTbasPy05KwtrsYbLSm4HAFUZ2Tb2ChfG4h0=,tag:yxOtSVBS8kiVviTUN/Butg==,type:str]
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1r2ruadc42qz2ar82ytsfxudd7c06aq5qk75dhxsy0l56jkr79pzs2wpna3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdDNIbVNQWHhiaEVKU1J0
            bkhkMmcwNE9GMWlQejBvRTNMZDhwQlJtRnlZCjQ0QUM0NUtVZE43alVyU0x0aEpa
            alZkZGJRcU1pSW9tVi8vcENsb0l1Q0UKLS0tIHRicG82dTE3ZS9LSFY3SXdkZlNr
            dktSWkFncXRXekd1UzBYcHV5SjE5dDAKd7tbNmPCVGc+ou4m3CI3d5lzfi66RUar
            nIKvXrascvuJOMpXWGn1k/eyP4zCQSC9l9Y9HUsYytu0bqhFTX7ZzQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zrmmyxzmuu97fdax3yf2ntu7e8maj7mg4nm3ay43q23d0mh7pfjsgdj029
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSlpFRldDc1owUm0zczhz
            QU9ZOFpPWFJsR2FpTjQ1YWo5b2RnOXBtblg0CjFiSm1oeTJqYXRNRXl4ZmdvdjEy
            Y3Zkb0srM0F6QXZqQ2twL2hUbTg4MU0KLS0tIFBHWlNBclVmWlo5U1o3NnQ4THp5
            QnArSWR4UWZ1MWdsSTFxUFpvRTk5VUEK7wMovbnklm99Uv8olqSGNi7UGREj02So
            UyBPJN7VNITreo3Fh5cLtoYpUq3kjdVn5dTMtZ82VCyBy1L8XJ9tAA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-12-20T09:22:02Z"
    mac: ENC[AES256_GCM,data:qm7E4EoizKZuBUQo8Ibva5fayb97wK2/4FnZJyaxbqAeemMSZiLheE46YrkzwcGcijexiTJH7kA0rSfde/JcgtojM7XuFOFk0oURfEIkkvcIe4hRub6IH2ZMWnh/MJ4UgQNB1igLOPYMWQ2jon1pW1AmKkjJdwXP7rNrD4lN0iE=,iv:wv/duAHduB84HSl1gnClQobgK292hVbL96LIt/T1ZGw=,tag:NQMA/RiZRrEe7m1RPG6msg==,type:str]
    pgp: []
    encrypted_suffix: secrets
    version: 3.7.3

When I edit any value this is changed to:

replicaCount: ENC[AES256_GCM,data:Lw==,iv:xyL1/SQNcdu0d3OPXSjw0IBOTsd8QSUB12Yya8BwSPU=,tag:WOQIKKUb589ZYKer2bq96A==,type:int]
image:
    repository: ENC[AES256_GCM,data:R17b0NK2HIOOgiVx6ol04w==,iv:xSHMocGyoS/t93mc4iQA1e6KOSNIQfedj7gLYuPmIZY=,tag:ACcaVd+NZQXuJ0AuSim7JQ==,type:str]
    pullPolicy: ENC[AES256_GCM,data:C7NYn7hK,iv:TzRG/d7EeXLqLNE8x8w04u6rjX+Damjrt949fkjKoyM=,tag:rq5EysOW8FZQsY8wFDJXxA==,type:str]
    tag: ENC[AES256_GCM,data:505KlX1B,iv:AjTAsKnRce2LeBfrlo4Mn0Tmk3L0NSD7scUFvwWtQKU=,tag:Rd9N56uC0fzZYDe8IDC0Vg==,type:str]
secrets:
    JWT_PRIVATE_KEY: ENC[AES256_GCM,data:y0SzfsC3hXc/eoCRbsd9dNFw5FoD/HaERfJka1c2KwoRRwMWyxnFHaP5azjDdGYzWEGHH8flK40Efhjbe+PMkxSt9qYxSKstsT5iOFClKcIpjHLhHY39FLy5pnHWFp/S3bzMgtjceVq/in8FdgfuSWhaitdGIqJx0RCa1A2w2LJ1gWhVcRgk0ofOhZFgonGowzbJXbWs2doyA/4MelKqLMEW/C1AfXpEIdF7Eh4cTvSpBRpmN+7mVmSTY7+wqP38TQ/5OQcqPeT/1mTNG5uvvsfOscHuQNTOJOs7KcyaFj8GwPcVBCPsfUz0LzhVJJQzVW953mUAcxxWoAhrsUANgiIpJc0IVq//VgDsEf1vdVAZCjhKWEPc5RKopBt8DsWP1Cm8JZIxN6MCBX4ujA+U64FWQ9mzy7dAluUxHD22hqeToSrMrl8vyDcbB8Qs89bx3yxOasPlSOujo3krViOjqPaFS02a4eZ3tD5NX8Y+wdAoatHAC772R5Ead09tK6hy+7KyFhKxnTxWybgNWFg2RSlzTdMAK1yBTxSGN17qMiY5HBZw5wbR8QMNJiYA/YQduhahuLtSQhrJvAVehAAKHc4jSkXobnj2q7Cbqj3Dciki74/sl60V7pgtWVEP276FRRYsVsu49uu2ggXU2mgWq2c5Sgo2XC9CGmmyPds+gmRr35NxU251sItoC/t3tkgzSxOBTQgsg1Y+29b3ZM0n/R/+eM2qkZHhTFCiv0y6+B84XUX6wdw50eJHzIazAubzH19+fVNHhuexbAlEwzcUkls32r7OWuLmb6k/XnjBhkXxHq9bDtlE2jdcd/cJiSRHgUkwXB8SQzuMToEOjsYTqBJrI/AHhkUFkkojIlJ0wZYMTwulZiKMDwxa/HAQenjvxowzqMPqwOiowabK4WCmUsVNF/r3stFBadLG/0977IGf+apSkXh9DUMtsGkSj4REo5jBeLd5rkyK3OGwV+OLBPQtf8jrpHskdvnaJzMiElxmyUCyMwqLgl+vmhYrv0zESA0kJJVI3lnF6u1chiw22CMo2m2hsl3oMgLXQBtSgTVEMHyjg9+splsFMsfvaPTWnzR5/Zm7TFEjv633H8VV+ndrzNGjh4lZnjGnPwQ91uQd8Qim3zD4c2u7gKc+4Xkoq1nlcZDKhcps3vwXqjXscqPcs1XwucFX4TueMtwj1irVkSdbt3RkwczpDS8/No8niDMh6Vc+jb0MLTm0Xj6PJKf/NJyaH9ewUdov++59HOet9ZiJ4bzR7H5D5tUThhD35SLfaLtEpSQCMWEvm7u4miAN3NkTye41C/o22B2CmElpR+dg21ZEyJJE1+NdLJc+xCGjYtDK2MBwt3HUQUV3o6e4EOvRjKcC48MGDAljJhJTaU7/yP8Xfi8AUJfrJAPd0Lj5A0IH6GA3Rp8eB6Vi4eWqY/HWXkfYJCUP8PnR8x1dcH9VFwlpnCxnOKK5HoAJ1rTNA7UoJQaqmd7icLMGLc9lvaBL/7v3l8DZdSvKyhOHo/7Q5OkmIHg26U5aqq4ruUA4gTGRtQ/wdRpK+2MHRiHX6H2tEwKRpyh7ikLYoJzVTFzN3fMDpY8kpn0rG7dK,iv:0mbac9e2rRrQ8fxrXiZcFcSjokSNJuiqBv6E/VsIo3g=,tag:Ycdbe4lX4n5iiYC0GkCnAA==,type:str]
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1r2ruadc42qz2ar82ytsfxudd7c06aq5qk75dhxsy0l56jkr79pzs2wpna3
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZ0VvaDJOSkdaM2ZRMUdJ
            dDJJbE03UUk0cndsaURybDRxbzdDR2tnaUZzCndkUzhnZzhmMXVONEt1WVpqNXlt
            Nkt3TXM1OTJkR0w5NzAva1VKR3I0YjQKLS0tIEZQQ3phZGUzOXdBcm1EWkEvSmtF
            KzZVOUFsaElFSmxUQk1UT1ROSUNDbmcKYEDXobiDzyFzC6dz4lBhIC3jSU64kueC
            n5jdElEn6IGkBFHqtI4DetFX0vXPBhvqaLhZ8KdsAlMf/KXx79ea3g==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zrmmyxzmuu97fdax3yf2ntu7e8maj7mg4nm3ay43q23d0mh7pfjsgdj029
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVejVkQm1UYjVROFNzZ29W
            a21VNHpBZm1jajhvb2FNcENWeVBSbDd0N3hvCmwvU0VsejhzMjJDZ21uc3JFMkxF
            Q0NLdTQ0L01IeVJYOE9hZWFJNDZCejAKLS0tIFB6ZU9Ma3pqVlc3bmlrejMrK2hJ
            dUdzcWMrNkJtZUhuYmJEaTRqNVFsNEUKRhBYUp1s0kAnulomGE/L0DHdnA0cTuUo
            hRvUzSosZ3/CMISTjqF6AcTMvvlw004RszfatfZ3KURcG/lwHd44pQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2023-12-20T09:29:37Z"
    mac: ENC[AES256_GCM,data:6Zwah/K5ovNBnmyJopVFwR2hH+exj4n2iOk2JMATJ8zMADSGFrB1Jrt+bq9XMLWLWhOemx5NbTgMZu25hSIWhgYXhm0pgXDaVazXrUhLrH3IEaXjJdhPamUN2cMfyD9Empm3jMMayqqLSI1ZrJt9dI0gBIfT5XgYu7lm4Q5P2Bc=,iv:cY7Hzlsn60EABsRf6i4yINIEBxRRdKz2my3U1Xv1YZA=,tag:gE50tlvg+EVB1b6k8LW87g==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3

The expected behavior is that only secrets are encrypted, but not the line above.

Using:

  • Simple Sops Edit: v1.5.0
  • PhpStorm 2023.3.1 Build PS-233.11799.297
  • sops v3.7.3

intellij-sops-plugin doesn't respect path_regex and encrypted_regex in config .sops.yaml

I've instructed sops not to encrypt metadata fields in my Kubernetes Secret with the following .sops.yaml config:

creation_rules:
- path_regex: ".*-secret.yaml|.*-secret.patch.yaml"
  encrypted_regex: ^(data|stringData)$
  azure_keyvault: https://xxx
- path_regex: ""
  azure_keyvault: https://xxx

But as a result, both metadata and data are encrypted in my Secret datasource-secret.enc.yaml:

apiVersion: ENC[AES256_GCM,data:EUE=,iv:HTIqw0lOoUzwxMR5t7PihyP3wqBw4jkLjOUdX0Qq/Ms=,tag:wUfy5isnV1CYCDek5UEnHA==,type:str]
kind: ENC[AES256_GCM,data:zzYYjAkj,iv:SWmwGdqwAfo/9yBrBLkvPt12zoVhYlBjJoBbyVg9F1E=,tag:X9o9byzQ2vUJh7hnEtuYVw==,type:str]
metadata:
    name: ENC[AES256_GCM,data:YDi1NH/10KjCqdeNxe8b19L3Jw==,iv:F2JTPS1xDJiWt9S1ZA4sK3sQ9GIlaZJ0CMx7uf+kGUs=,tag:VW2WOvQNf9pBE1hSeqq7+A==,type:str]
    labels:
        grafana_datasource: ENC[AES256_GCM,data:hQ==,iv:qfZL9xZehxFtAAPZdyAnXgssq8YJgPTi4K5lj/IqFyM=,tag:FpsgH9j9LZr8zezWrOWScQ==,type:str]
type: ENC[AES256_GCM,data:Ke1N21eD,iv:R72nJnkhhJrfh9pMWhTKaOhhGD8k8HtX4ww2wuwWycU=,tag:EZ5KBhnc1RfG7xa2VEooog==,type:str]
stringData:
    datasource.yaml: ENC[XXX]

Running the original sops binary works as expected, and metadata is not encrypted:

sops -e datasource-secret.yaml > datasource-secret.enc.yaml
apiVersion: v1
kind: Secret
metadata:
    name: grafana-datasources
    labels:
        grafana_datasource: "1"
type: Opaque
stringData:
    datasource.yaml: ENC[XXX]
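
Added example, not part of the issue and not the plugin's or sops's own code: a small audit that applies the creation rules quoted above to a file and reports every value whose encryption state disagrees with the selected rule, so over-encrypted metadata and secrets left in plaintext are both caught. The names select_rule, should_encrypt and audit are hypothetical; it models only first-match path_regex selection and encrypted_regex on key names, with Python's re standing in for sops's regex engine.

```python
import re

# Rules from the .sops.yaml quoted in the issue (key-provider settings omitted).
RULES = [
    {"path_regex": r".*-secret.yaml|.*-secret.patch.yaml",
     "encrypted_regex": r"^(data|stringData)$"},
    {"path_regex": ""},  # catch-all, no encrypted_regex: every value gets encrypted
]

def select_rule(path, rules=RULES):
    """First rule whose path_regex matches anywhere in the path wins."""
    for rule in rules:
        if re.search(rule.get("path_regex", ""), path):
            return rule
    return None

def should_encrypt(key_path, rule):
    """With encrypted_regex, only values under a matching key are encrypted."""
    rx = rule.get("encrypted_regex")
    return True if not rx else any(re.search(rx, k) for k in key_path)

def audit(node, rule, path=()):
    """Return sorted (key/path, finding) pairs where the file disagrees with the rule."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            if path or key != "sops":  # skip the top-level sops metadata block
                findings += audit(value, rule, path + (str(key),))
    elif isinstance(node, list):
        for item in node:
            findings += audit(item, rule, path)
    else:
        is_enc = isinstance(node, str) and node.startswith("ENC[")
        want = should_encrypt(path, rule)
        if is_enc and not want:
            findings.append(("/".join(path), "encrypted, rule expects plaintext"))
        elif want and not is_enc:
            findings.append(("/".join(path), "plaintext, rule expects encrypted"))
    return sorted(findings)

# Constructed samples shaped like the two outputs in the issue; ciphertexts shortened.
PLUGIN_OUTPUT = {"apiVersion": "ENC[XXX]", "kind": "ENC[XXX]", "type": "ENC[XXX]",
    "metadata": {"name": "ENC[XXX]", "labels": {"grafana_datasource": "ENC[XXX]"}},
    "stringData": {"datasource.yaml": "ENC[XXX]"}}
CLI_OUTPUT = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "grafana-datasources", "labels": {"grafana_datasource": "1"}},
    "stringData": {"datasource.yaml": "ENC[XXX]"}}

print(audit(PLUGIN_OUTPUT, select_rule("datasource-secret.yaml")))
```

Under these rules the name datasource-secret.enc.yaml does not match the first path_regex, so a file handed to rule selection under that name gets the catch-all rule, which encrypts everything.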

Feature Request: Allow customisation of SOPS path

Problem
As sops fails to handle AWS profiles correctly and we're using KMS keys from different AWS accounts, some sops files can't be opened because of the incorrect profile being selected. There's an upstream sops issue that hasn't been fixed in years.

Request
If the SOPS plugin allowed customising the path to the sops executable, one could write a little wrapper script that invokes sops with the given arguments and picks the right AWS_PROFILE based on file name or the like.
