While decrypt allows me to extract sub-part of the document tree, I cannot do this with exec-file or exec-env.
Having ability to do this would be very useful.
I would expect something like the following to work:
sops exec-file --output-type json --extract '["server"]["privatekey"]' secrets.yaml "yarn start --private-key {}"