Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to run gui editor? #127

Closed
mxxcon opened this issue Oct 20, 2016 · 6 comments
Closed

How to run gui editor? #127

mxxcon opened this issue Oct 20, 2016 · 6 comments

Comments

@mxxcon
Copy link

mxxcon commented Oct 20, 2016

It appears that I can't use gui-based editors such as Atom or Sublime with sops.
My .bash_profile contains export EDITOR=/usr/local/bin/atom
When I try to edit any sops-encrypted file I get something like:

mxx@MacBook-Pro:[~]: sops myfile.yaml
INFO: myfile.yaml doesn't exist, creating it.
INFO: generating and storing data encryption key
INFO: temp file created at /var/folders/b1/pwv5g6795fld3f0vt14kky_40000gp/T/tmpq6K2_D.yaml
PANIC: myfile.yaml has not been modified, exit without writing

A few sec later Atom opens up with that tmpq6K2_D.yaml file.
It is my understanding that this happens because gui editors open in a separate process outside of my terminal.
Regular terminal editors such vi/nano/mcedit work as expected.
How can I use gui editors with sops?
@autrilla
Copy link
Contributor

sops will wait for the editor to exit. It looks like atom spawns a child process and then exits the main process. This will not work with sops. Atom has a -w command line flag that will wait for the main window to be closed before exiting. Create a /usr/local/bin/atom-blocking with

#!/bin/bash
atom -w

And set EDITOR to that.

@jvehent
Copy link
Contributor

jvehent commented Oct 21, 2016

How about adding this information to the README ?

@jvehent
Copy link
Contributor

jvehent commented Oct 25, 2016

Could you add a note for this to the readme?

On Oct 20, 2016 3:28 PM, "Adrian Utrilla" [email protected] wrote:

Closed #127 #127.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#127 (comment), or mute the
thread
https://github.com/notifications/unsubscribe-auth/AAZXgf25nyb65umaMQt8ZcYUE0_GvY_Cks5q1-r0gaJpZM4KcgYZ
.

@autrilla autrilla mentioned this issue Sep 21, 2018
Closed
@autrilla autrilla mentioned this issue Jan 30, 2020
Closed
@0xLeidenfrost
Copy link

0xLeidenfrost commented Dec 15, 2020
edited
Loading

On slightly more modern versions of atom, the same can be achieved without creating any scripts, but rather just by exporting editor as follows:export EDITOR="atom -w"

@patricknelson
Copy link

patricknelson commented Dec 19, 2020
edited
Loading

And for folks flexing Jetbrains IDEs, you can use the --wait flag. I'm on Windows, so to add a little diversity to the script examples:

@echo off
"C:\Program Files\JetBrains\PhpStorm 2019.3\bin\phpstorm64.exe" --wait %1

Drop that into a new batch file (e.g. phpstorm-blocking.bat) and just point the environment variable to that batch file. Of course, update the path as needed. Also note that, on Windows, you currently need to also do some interesting escaping to the path to this batch file if you really want it to work with sops. 😕

So in my case, the final value of EDITOR ends up becoming this for me (note that the value itself purposefully contains quotes and extra slashes, which can be confusing, but explained in issue #778 you can also use single quotes with forward slashes as well):

"C:\\Users\\patnelson\\Google Drive\\scripts\\phpstorm-blocking.bat"

However, after doing all this, it works like a charm in PhpStorm. 🎉

@hiddeco hiddeco mentioned this issue Sep 19, 2023
Closed
@onnimonni
Copy link

Hey,

This issue was linked from Stackoverflow: https://stackoverflow.com/a/52451086.

I just wanted to mention that this is terrible advice with VS Code if you are using co-pilot or 3rd party VS Code extensions.

Let's say that I would open sops file like this:

$ EDITOR="code --wait" sops secrets/testing.yaml

I was using it myself and I noticed that VS Code will send the contents of the file to remote servers to get auto completes with co-pilot:
Image

I'm not sure if co-pilot will use these as training data or not but it's probably anyway not a good idea to do this.

I'm also not good with vim and want to use VS Code for secrets and this is what I do myself:

$ EDITOR="code --wait --new-window --disable-workspace-trust --disable-extensions --disable-telemetry" sops secrets/testing.yaml

it seems to me that --new-window was needed just because otherwise the other flags don't work.

There's also an option to add something like this into your VS CODE settings.json:

{
    // We will use these custom file associations to disable co-pilot
    // See more in: https://stackoverflow.com/a/77908836/1337062
    "files.associations": {
        // If repo would contain secrets in .env file it's better to ignore it
        ".env*": "plaintext",
        // SOPS creates unencrypted temporary files here on MacOS
        "/var/folders/*/**": "plaintext",
    },
    // This setting can't be altered here and
    // needs to be copied directly into user settings
    "github.copilot.enable": {
        "*": true,
        "plaintext": false,
    },
}

I recommend doing both of these if your plaintext unencryted secrets are important to you. Here's a sample commit how I'm handling this same topic in my own product: midworkhq/midwork@ad4124f

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jvehent @mxxcon @autrilla @patricknelson @onnimonni @0xLeidenfrost