-
-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SOPS support #592
Comments
We've recently extended atmos to support all types of datasources, although most are from It's a really interesting idea if stack configs could reference a datasource for SOPS encrypted secrets, guarded by cloud-specific keys like KMS. See how we configure data sources today: https://atmos.tools/cli/configuration#templates All we would need to do is add a datasource for a sops-encrypted file, then we could support key/value lookups using all the normal mechanisms. |
We can include them simply in the Atmos core, without requiring them in the upstream dependencies. Also, if any of your team would be interested in getting more involved hands-on, let me know and we can coordinate. |
This will be a very interesting feature to add to atmos Currently, I am using terragrunt which has a natif support if sops datasource and this block me to move into atmos |
Describe the Feature
It would be great if Atmos had some interface for retrieving secrets from SOPS to be passed into terraform configuration.
Because we do our terraform configuration in Atmos' YAML, our TF configuration remains the same across environments/deployments. This is usually a good thing, but when something like a secret would change across environments, now we either need our terraform configuration to have some dynamic portion where it will grab the correct secret, or we would need to put the secret in raw YAML which isn't gonna happen.
I'm not sure about the extensibility of YAML
Expected Behavior
Some function in Atmos YAML to decode a SOPS secret from a given path.
Or some function in Atmos to read our SOPS files based on which stack/environment we are currently in and make those secrets available to reference in the YAML somehow.
Use Case
Secrets management can be better integrated with Atmos.
Describe Ideal Solution
See expected behavior
Alternatives Considered
No response
Additional Context
Terraform has a SOPS provider that we can use to do this work in our modules, and Terragrunt has native SOPS functions that can be used to do this in orchestration. Their implementation can be a reference.
The text was updated successfully, but these errors were encountered: