Topics
Major verison that drops support for End of Life Ansible/ansible-base/ansible-core versions.
- The collection no longer supports Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14. If you need to continue using End of Life versions of Ansible/ansible-base/ansible-core, please use community.sops 1.x.y (#206).
Bugfix release.
- sops_encrypt - pass absolute paths to
module.atomic_move()(ansible/ansible#83950, #208).
Feature release.
- decrypt filter plugin - now supports the input and output type
ini(#204). - sops lookup plugin - new option
extractallows extracting a single key out of a JSON or YAML file, equivalent to sops'decrypt --extract(#200). - sops lookup plugin - now supports the input and output type
ini(#204).
Maintenance release with updated documentation and changelog.
- The collection deprecates support for all Ansible/ansible-base/ansible-core versions that are currently End of Life, according to the ansible-core support matrix. This means that the next major release of the collection will no longer support Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14.
Bugfix release.
Feature release for supporting improvements coming with SOPS 3.9.0.
- Detect SOPS 3.9.0 and use new
decryptandencryptsubcommands (#190). - sops vars plugin - new option
handle_unencrypted_filesallows to control behavior when encountering unencrypted files with SOPS 3.9.0+ (#190).
- sops_encrypt - properly support
path_regexin.sops.yamlwhen SOPS 3.9.0 or later is used (#153, #190).
Bugfix and feature release to fix installation issues with SOPS 3.9.0.
- sops vars plugin - allow to configure the valid extensions with an
ansible.cfgentry or with an environment variable (#185).
- Fix RPM URL for the 3.9.0 release (#188).
Bugfix release.
- sops_encrypt - ensure that output-type is set to
yamlwhen the file extension.ymlis used. Now both.yamland.ymlfiles use the SOPS--output-type=yamlformatting (#164).
Make fully compatible with and test against sops 3.8.0.
- Fix RPM URL for the 3.8.0 release (#161).
Make compatible with and test against sops 3.8.0-rc.1.
- Avoid pre-releases when picking the latest version when using the GitHub API method (#159).
- Fix changed DEB and RPM URLs for 3.8.0 and its prerelease(s) (#159).
Maintenance/bugfix release for the move of sops to the new getsops GitHub organization.
- install role - fix
sops_github_latest_detection=latest-release, which broke due to sops moving to another GitHub organization (#151).
Maintenance release with updated documentation.
From this version on, community.sops is using the new Ansible semantic markup in its documentation. If you look at documentation with the ansible-doc CLI tool from ansible-core before 2.15, please note that it does not render the markup correctly. You should be still able to read it in most cases, but you need ansible-core 2.15 or later to see it as it is intended. Alternatively you can look at the devel docsite for the rendered HTML version of the documentation of the latest release.
- Ansible markup will show up in raw form on ansible-doc text output for ansible-core before 2.15. If you have trouble deciphering the documentation markup, please upgrade to ansible-core 2.15 (or newer), or read the HTML documentation on https://docs.ansible.com/ansible/devel/collections/community/sops/.
Maintenance release.
- install role - make sure that the
pkg_mgrfact is definitely available when installing onlocalhost. This can improve error messages in some cases (#145, #146).
Maintenance release.
- action plugin helper - fix handling of deprecations for ansible-core 2.14.2 (#136).
- various plugins - remove unnecessary imports (#133).
Feature release improving the installation role.
- install role - add
sops_github_latest_detectionoption that allows to configure which method to use for detecting the latest release on GitHub. By default (auto) first tries to retrieve a list of recent releases using the API, and if that fails due to rate limiting, tries to obtain the latest GitHub release from a semi-documented URL (#133). - install role - add
sops_github_tokenoption to allow passing a GitHub token. This can for example be used to avoid rate limits when using the role in GitHub Actions (#132). - install role - implement another method to determine the latest release on GitHub than using the GitHub API, which can make installation fail due to rate-limiting (#131).
Feature release.
- Automatically install GNU Privacy Guard (GPG) in execution environments. To install Mozilla sops a manual step needs to be added to the EE definition, see the collection's documentation for details (#98).
- community.sops.install - Installs sops and GNU Privacy Guard on all remote hosts
- community.sops.install_localhost - Installs sops and GNU Privacy Guard on localhost
- community.sops.install - Install Mozilla sops
Maintenance release to improve compatibility with future ansible-core releases.
- load_vars - ensure compatibility with newer versions of ansible-core (#121).
Feature release.
- Allow to specify age keys as
age_key, or age keyfiles asage_keyfile(#116, #117). - sops_encrypt - allow to specify age recipients (#116, #117).
Feature release.
- All software licenses are now in the
LICENSES/directory of the collection root, and the collection repository conforms to the REUSE specification except for the changelog fragments (https://github.com/ansible-collections/community.crypto/sops/108, #113). - sops vars plugin - added a configuration option to temporarily disable the vars plugin (#114).
Fix formatting bug in documentation. No code changes.
Maintenance release.
- Include
simplified_bsd.txtlicense file for thesopsmodule utils.
Maintenance release with updated documentation.
Collection release for inclusion in Ansible 4.9.0 and 5.1.0.
This release contains a change allowing to configure generic plugin options with ansible.cfg keys and env variables.
- sops lookup and vars plugin - allow to configure almost all generic options by ansible.cfg entries and environment variables (#81).
A minor release for inclusion in Ansible 4.2.0.
- Avoid internal ansible-core module_utils in favor of equivalent public API available since at least Ansible 2.9 (#73).
- community.sops.decrypt - Decrypt sops-encrypted data
This release makes the collection compatible to the latest beta release of ansible-core 2.11.
- action_module plugin helper - make compatible with latest changes in ansible-core 2.11.0b3 (#58).
- community.sops.load_vars - make compatible with latest changes in ansible-core 2.11.0b3 (#58).
This release fixes a bug that prevented correct YAML file to be created when the output was ending in .yaml.
- community.sops.sops_encrypt - use output type
yamlwhen path ends with.yaml(#56).
This is a security release, fixing a potential information leak in the community.sops.sops_encrypt module.
- community.sops.sops_encrypt - mark the
aws_secret_access_keyandaws_session_tokenparameters asno_logto avoid leakage of secrets (#54).
This release include some fixes to Ansible docs and required changes for inclusion in Ansible.
- community.sops.sops lookup plugins - fix wrong format of Ansible variables so that these are actually used (#51).
- community.sops.sops vars plugins - remove non-working Ansible variables (#51).
Fix of 1.0.1 release which had no changelog entry.
Re-release of 1.0.0 to counteract error during release.
First stable release. This release is expected to be included in Ansible 3.0.0.
- All plugins and modules: allow to pass generic sops options with new options
config_path,enable_local_keyservice,keyservice. Also allow to pass AWS parameters with optionsaws_profile,aws_access_key_id,aws_secret_access_key, andaws_session_token(#47). - community.sops.sops_encrypt - allow to pass encryption-specific options
kms,gcp_kms,azure_kv,hc_vault_transit,pgp,unencrypted_suffix,encrypted_suffix,unencrypted_regex,encrypted_regex,encryption_context, andshamir_secret_sharing_thresholdto sops (#47).
This release adds features for the lookup and vars plugins.
- community.sops.sops lookup plugin - add
empty_on_not_existoption which allows to return an empty string instead of an error when the file does not exist (#33). - community.sops.sops vars plugin - add option to control caching (#32).
- community.sops.sops vars plugin - add option to determine when vars are loaded (#32).
First release of the community.sops collection!
This release includes multiple plugins: an action plugin, a lookup plugin and a vars plugin.
- community.sops.sops - Read sops encrypted file contents
- community.sops.sops - Loading sops-encrypted vars files
- community.sops.load_vars - Load sops-encrypted variables from files, dynamically within a task
- community.sops.sops_encrypt - Encrypt data with sops