Skip to content

Commit b298cc0

Browse files
Add document_start_marker option for YAML stores
Prepend '---' to YAML output when enabled, addressing tools like yamllint and ytt that often expect the document start marker. Configurable via .sops.yaml or --document-start-marker flag. Refs #1158 Signed-off-by: david amick <david@davidamick.com>
1 parent 6e117ab commit b298cc0

5 files changed

Lines changed: 90 additions & 2 deletions

File tree

README.rst

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1472,6 +1472,19 @@ You can enable this with the ``--compact-array-indent`` CLI option or by configu
14721472
yaml:
14731473
compact_array_indent: true
14741474
1475+
YAML document start marker
1476+
~~~~~~~~~~~~~~~~~~~~~~~~~~~
1477+
1478+
By default, SOPS strips the ``---`` document start marker during encryption. This might
1479+
violate linting rules. You can preserve the marker with the ``--document-start-marker``
1480+
CLI option or by configuring ``.sops.yaml`` with:
1481+
1482+
.. code:: yaml
1483+
1484+
stores:
1485+
yaml:
1486+
document_start_marker: true
1487+
14751488
YAML anchors
14761489
~~~~~~~~~~~~
14771490
@@ -2144,6 +2157,9 @@ The store configuration object can have the following keys:
21442157
indicator (``"- "``) is considered part of the indentation. Combined with ``indent: 2``,
21452158
this produces output where arrays are flush with their parent key.
21462159
2160+
* ``document_start_marker`` (boolean; default ``false``): when enabled, prepends the
2161+
``---`` document start marker to the YAML output.
2162+
21472163
Encryption Protocol
21482164
-------------------
21492165

cmd/sops/main.go

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1867,6 +1867,10 @@ func main() {
18671867
Name: "compact-array-indent",
18681868
Usage: "use compact YAML array indentation where '- ' is considered part of the indentation",
18691869
},
1870+
cli.BoolFlag{
1871+
Name: "document-start-marker",
1872+
Usage: "prepend the YAML document start marker '---' to the output",
1873+
},
18701874
cli.BoolFlag{
18711875
Name: "verbose",
18721876
Usage: "Enable verbose logging output",
@@ -2401,6 +2405,9 @@ func outputStore(context *cli.Context, path string) (common.Store, error) {
24012405
if context.GlobalBool("compact-array-indent") {
24022406
storesConf.YAML.CompactArrayIndent = true
24032407
}
2408+
if context.GlobalBool("document-start-marker") {
2409+
storesConf.YAML.DocumentStartMarker = true
2410+
}
24042411

24052412
return common.DefaultStoreForPathOrFormat(storesConf, path, context.String("output-type")), nil
24062413
}

config/config.go

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -112,8 +112,9 @@ type JSONBinaryStoreConfig struct {
112112
}
113113

114114
type YAMLStoreConfig struct {
115-
Indent int `yaml:"indent"`
116-
CompactArrayIndent bool `yaml:"compact_array_indent"`
115+
Indent int `yaml:"indent"`
116+
CompactArrayIndent bool `yaml:"compact_array_indent"`
117+
DocumentStartMarker bool `yaml:"document_start_marker"`
117118
}
118119

119120
type StoresConfig struct {

stores/yaml/store.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -423,6 +423,9 @@ func (store *Store) EmitEncryptedFile(in sops.Tree) ([]byte, error) {
423423
}
424424
}
425425
e.Close()
426+
if store.config.DocumentStartMarker && !bytes.HasPrefix(b.Bytes(), []byte("---")) {
427+
return append([]byte("---\n"), b.Bytes()...), nil
428+
}
426429
return b.Bytes(), nil
427430
}
428431

@@ -456,6 +459,9 @@ func (store *Store) EmitPlainFile(branches sops.TreeBranches) ([]byte, error) {
456459
}
457460
}
458461
e.Close()
462+
if store.config.DocumentStartMarker && !bytes.HasPrefix(b.Bytes(), []byte("---")) {
463+
return append([]byte("---\n"), b.Bytes()...), nil
464+
}
459465
return b.Bytes(), nil
460466
}
461467

stores/yaml/store_test.go

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -541,6 +541,64 @@ func TestCompactArrayIndentDisabled(t *testing.T) {
541541
assert.Equal(t, string(in), string(bytes))
542542
}
543543

544+
func TestDocumentStartMarker(t *testing.T) {
545+
in := []byte(`key: value
546+
nested:
547+
list:
548+
- a
549+
- b
550+
`)
551+
expected := []byte(`---
552+
key: value
553+
nested:
554+
list:
555+
- a
556+
- b
557+
`)
558+
branches, err := (&Store{}).LoadPlainFile(in)
559+
assert.Nil(t, err)
560+
bytes, err := (&Store{
561+
config: config.YAMLStoreConfig{
562+
DocumentStartMarker: true,
563+
},
564+
}).EmitPlainFile(branches)
565+
assert.Nil(t, err)
566+
assert.Equal(t, string(expected), string(bytes))
567+
}
568+
569+
func TestDocumentStartMarkerMultiDoc(t *testing.T) {
570+
in := []byte(`---
571+
key1: value1
572+
---
573+
key2: value2`)
574+
expected := []byte(`---
575+
key1: value1
576+
---
577+
key2: value2
578+
`)
579+
branches, err := (&Store{}).LoadPlainFile(in)
580+
assert.Nil(t, err)
581+
bytes, err := (&Store{
582+
config: config.YAMLStoreConfig{
583+
DocumentStartMarker: true,
584+
},
585+
}).EmitPlainFile(branches)
586+
assert.Nil(t, err)
587+
assert.Equal(t, string(expected), string(bytes))
588+
}
589+
590+
func TestDocumentStartMarkerDisabled(t *testing.T) {
591+
in := []byte(`key: value
592+
`)
593+
branches, err := (&Store{}).LoadPlainFile(in)
594+
assert.Nil(t, err)
595+
bytes, err := (&Store{}).EmitPlainFile(branches)
596+
assert.Nil(t, err)
597+
assert.Equal(t, string(in), string(bytes))
598+
// Verify no '---' was prepended
599+
assert.False(t, len(bytes) > 3 && string(bytes[:3]) == "---")
600+
}
601+
544602
func TestHasSopsTopLevelKey(t *testing.T) {
545603
ok := (&Store{}).HasSopsTopLevelKey(sops.TreeBranch{
546604
sops.TreeItem{

0 commit comments

Comments
 (0)