sops -e will run with a broken config (only when the creation_rule is a map, - blah: works, -blah doesn't) and not save a master key.
$ cat .sops.yaml
creation_rules:
- blah:
$ cat foo.yaml
foo: bar
$ sops -e foo.yaml
foo: ENC[AES256_GCM,data:qVOZ,iv:z+vaqV+xcNzghECBO4Cv6zv+wY8ROAAiCFQTzVZB+KU=,tag:R5KV4+Ioke1mtH+2SAuu9g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
lastmodified: '2019-06-11T21:54:58Z'
mac: ENC[AES256_GCM,data:zo2uiTvpVZyP1C+q5g4YQw52MpvRKKZ9bjtSrCPUptSwKgo9G3VGLbvgkqHBqvAkXWxgSR+JLgl2iZLr5Jur1tUDsFEMxd2++8cbpgpCDKUVG6/WMlfxIROyvZKteyyZokwWaspVe5vxpMAdCO7BavwmmOwaRvnp5f+Dq7vDJ3k=,iv:9HsScdpvTCm7DAtVtdOfZ6fYp4J8kO8L9qzKxF6hs5Q=,tag:UnoQYfGhC0K1GPG6zjGgTQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.2.0
Interesting edge case. Tested on both 3.2.0 and 3.3.1
sops -ewill run with a broken config (only when the creation_rule is a map,- blah:works,-blahdoesn't) and not save a master key.Interesting edge case. Tested on both 3.2.0 and 3.3.1