Tell "sops set --value-file [...]" to treat "-" as stdin

Using "-" to mean stdin/standard input is common in CLI tools; here are
some examples: cat, sed, grep, tar, python, curl, openssl.

Signed-off-by: Bjørn Forsman <bjorn.forsman@gmail.com>

Author: bjornfor

cmd/sops/main.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	encodingjson "encoding/json"
 	"fmt"
+	"io"
 	"net"
 	"net/url"
 	"os"
@@ -1387,7 +1388,7 @@ func main() {
 				},
 				cli.BoolFlag{
 					Name:  "value-file",
-					Usage: "treat 'value' as a file to read the actual value from (avoids leaking secrets in process listings)",
+					Usage: "treat 'value' as a file to read the actual value from (avoids leaking secrets in process listings). The special value '-' means read from stdin",
 				},
 				cli.IntFlag{
 					Name:  "shamir-secret-sharing-threshold",
@@ -1437,7 +1438,12 @@ func main() {
 				var data string
 				if c.Bool("value-file") {
 					filename := c.Args()[2]
-					content, err := os.ReadFile(filename)
+					var content []byte
+					if filename == "-" {
+						content, err = io.ReadAll(os.Stdin)
+					} else {
+						content, err = os.ReadFile(filename)
+					}
 					if err != nil {
 						return toExitError(err)
 					}

functional-tests/src/lib.rs

@@ -538,6 +538,59 @@ bar: baz",
         panic!("Output JSON does not have the expected structure");
     }
 
+    #[test]
+    fn set_json_file_insert_with_value_file_stdin() {
+        let file_path = prepare_temp_file(
+            "test_set_json_file_insert_with_value_file_stdin.json",
+            r#"{"a": 2, "b": "ba"}"#.as_bytes(),
+        );
+        assert!(
+            Command::new(SOPS_BINARY_PATH)
+                .arg("encrypt")
+                .arg("-i")
+                .arg(file_path.clone())
+                .output()
+                .expect("Error running sops")
+                .status
+                .success(),
+            "sops didn't exit successfully"
+        );
+        let process = Command::new(SOPS_BINARY_PATH)
+            .arg("set")
+            .arg("--value-file")
+            .arg(file_path.clone())
+            .arg(r#"["c"]"#)
+            .arg("-")
+            .stdin(Stdio::piped())
+            .stdout(Stdio::piped())
+            .spawn()
+            .expect("Error running sops");
+        write_to_stdin(
+            &process,
+            b"{\"cc\": \"ccc\"}");
+        let output = process.wait_with_output().expect("Failed to wait on sops");
+        println!(
+            "stdout: {}, stderr: {}",
+            String::from_utf8_lossy(&output.stdout),
+            String::from_utf8_lossy(&output.stderr)
+        );
+        assert!(output.status.success(), "sops didn't exit successfully");
+        let mut s = String::new();
+        File::open(file_path)
+            .unwrap()
+            .read_to_string(&mut s)
+            .unwrap();
+        let data: Value = serde_json::from_str(&s).expect("Error parsing sops's JSON output");
+        if let Value::Mapping(data) = data {
+            let a = data.get(&Value::String("c".to_owned())).unwrap();
+            if let &Value::Mapping(ref a) = a {
+                assert_encrypted!(&a, Value::String("cc".to_owned()));
+                return;
+            }
+        }
+        panic!("Output JSON does not have the expected structure");
+    }
+
     #[test]
     fn set_yaml_file_update() {
         let file_path = prepare_temp_file(