Topics
This is a security release, fixing a potential information leak in the sops_encrypt module.
- sops_encrypt - mark the
aws_secret_access_keyandaws_session_tokenparameters asno_logto avoid leakage of secrets (ansible-collections#54).
This release include some fixes to Ansible docs and required changes for inclusion in Ansible.
- sops lookup plugins - fix wrong format of Ansible variables so that these are actually used (ansible-collections#51).
- sops vars plugins - remove non-working Ansible variables (ansible-collections#51).
Fix of 1.0.1 release which had no changelog entry.
Re-release of 1.0.0 to counteract error during release.
First stable release. This release is expected to be included in Ansible 3.0.0.
- All plugins and modules: allow to pass generic sops options with new options
config_path,enable_local_keyservice,keyservice. Also allow to pass AWS parameters with optionsaws_profile,aws_access_key_id,aws_secret_access_key, andaws_session_token(ansible-collections#47). - sops_encrypt - allow to pass encryption-specific options
kms,gcp_kms,azure_kv,hc_vault_transit,pgp,unencrypted_suffix,encrypted_suffix,unencrypted_regex,encrypted_regex,encryption_context, andshamir_secret_sharing_thresholdto sops (ansible-collections#47).
This release adds features for the lookup and vars plugins.
- sops lookup plugin - add
empty_on_not_existoption which allows to return an empty string instead of an error when the file does not exist (ansible-collections#33). - sops vars plugin - add option to control caching (ansible-collections#32).
- sops vars plugin - add option to determine when vars are loaded (ansible-collections#32).
First release of the community.sops collection! This release includes multiple plugins: an action plugin, a lookup plugin and a vars plugin.
- sops - Read sops encrypted file contents
- sops - Loading sops-encrypted vars files
- load_vars - Load sops-encrypted variables from files, dynamically within a task
- sops_encrypt - Encrypt data with sops