Add "--value-file" option to "sops set [...]" #1876
a241b77 to
0efd03e
About the CI failure; I amended the commit to include sign-off. When is CI going to be run again? (It's been 8+ hours.)
That runs the unit tests; these also pass in CI. What fails are the functional tests (
When someone with appropriate rights presses the buttons. Please remember that we are volunteers who do this in their free time.
Ok, thanks. I can reproduce the
Oh, sorry, I thought it was automatic, and given the short time spent on "make test" locally I was surprised about 8+ hour latency on github 🙈
0efd03e to
ee2de08
Functional tests are passing locally now (except for I'll try to create a functional test for the new "--value-file" option tomorrow.
6e2475f to
5fe0683
Hm. The first full Where's the state that makes the test non-deterministic? How to get rid of it?
It seems test order is random, and some orders work, some do not:
I based the new test, Actually, it might be more nuanced than test order: I ran
Here's the output of a failing/racy run:
Using different filenames from the test you modified can help.
5fe0683 to
088d677
Aha, The latest push fixes the tests, by using a unique file name. |
| cli.BoolFlag{ | ||
| Name: "value-file", | ||
| Usage: "treat 'value' as a file to read the actual value from (avoids leaking secrets in process listings)", | ||
| }, |
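Review bot: The Usage string on the "value-file" flag says the value is read from a file but not how the file's content is interpreted; state whether it is handled exactly like an inline value and whether a trailing newline is kept, since a file written with echo ends in one. Because this is a BoolFlag that changes the meaning of the positional 'value' argument rather than taking the path itself, the help text for that argument should mention the flag as well.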
How about adding a (mutually exclusive) further option that reads from stdin instead of a file? That would provide a platform independent way of reading from stdin (/dev/stdin doesn't work on Windows).
Sure, but that would take some more time for me to implement and test (noob here). Also, isn't that something that can be added on top of this PR and is not in conflict/wrong direction with this change (iow, not a blocker)?
Another option could be to make the "value" argument optional, and if missing, read from stdin. (On Linux it's trivial to pipe file contents to stdin, I don't know about Windows.)
Thoughts?
I personally think it's better to make things explicit, and let the user explicitly ask for reading from stdin, instead of implicitly just doing that and confusing users who forget the value argument and then wonder why the program is "hanging".
Good point. So that makes the PR as-is go in the right direction.
@felixfontein: I'm not sure if you're waiting for me to add --value-stdin flag, or someone else to review, but I started looking at adding --value-stdin just now. And the first issue is that it removes the need for the "value" positional argument. Which means the help text will be confusing/wrong.
How about using the special value - to mean "read from stdin"? Many CLI tools already use that. It can be documented in the --value-file option.
I added "treat - as stdin", and rebased.
Sorry for the late reply; I think having a dedicated option is better than using -. (We had a similar discussion in #739 (comment); after reading FiloSottile/age#494 I prefer a separate option. Magic can always lead to trouble, including security problems, and treating - differently from other files would be some magic.)
Ok. I removed treating '-' as stdin in the latest update. Not because I agree, but because I'd rather not have that block us from fixing the current secret leakage in process listings when using "sops set".
(I don't see how --value-stdin can fit into the existing "sops set [..]" interface, so that'll have to be implemented by someone else. The problem is how to have an interface with mandatory positional arguments where an optional flag removes the need for a previously mandatory positional argument. I think it either becomes an ugly interface, which is difficult to document, or we need separate "sops set-from-stdin", which is just a different kind of ugly, IMHO.)
Sounds fair.
9494c74 to
243f7c4
Linter issue fixed.
243f7c4 to
c98d336
This allows running "sops set [...]" without leaking secrets in process listings. To read secrets from stdin, use "/dev/stdin" as the file path.
Fixes getsops#729
Signed-off-by: Bjørn Forsman <bjorn.forsman@gmail.com>
c98d336 to
cc4d207
@bjornfor thanks a lot for your contribution!
Signed-off-by: Felix Fontein <felix@fontein.de>
I created #1894 for
@felixfontein: Thanks!
Signed-off-by: Felix Fontein <felix@fontein.de>
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [getsops/sops](https://github.com/getsops/sops) | minor | `v3.10.2` -> `v3.11.0` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>getsops/sops (getsops/sops)</summary>

### [`v3.11.0`](https://github.com/getsops/sops/releases/tag/v3.11.0)

[Compare Source](getsops/sops@v3.10.2...v3.11.0)

#### Installation

To install `sops`, download one of the pre-built binaries provided for your platform from the artifacts attached to this release.

For instance, if you are using Linux on an AMD64 architecture:

```shell
### Download the binary
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.linux.amd64

### Move the binary in to your PATH
mv sops-v3.11.0.linux.amd64 /usr/local/bin/sops

### Make the binary executable
chmod +x /usr/local/bin/sops
```

##### Verify checksums file signature

The checksums file provided within the artifacts attached to this release is signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC. To validate the signature of this file, run the following commands:

```shell
### Download the checksums file, certificate and signature
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.checksums.txt
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.checksums.pem
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.checksums.sig

### Verify the checksums file
cosign verify-blob sops-v3.11.0.checksums.txt \
  --certificate sops-v3.11.0.checksums.pem \
  --signature sops-v3.11.0.checksums.sig \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
```

##### Verify binary integrity

To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

```shell
### Verify the binary using the checksums file
sha256sum -c sops-v3.11.0.checksums.txt --ignore-missing
```

##### Verify artifact provenance

The [SLSA provenance](https://slsa.dev/provenance/v0.2) of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an [in-toto](https://in-toto.io/) link metadata file named `sops-v3.11.0.intoto.jsonl`. To verify the provenance of an artifact, you can utilize the [`slsa-verifier`](https://github.com/slsa-framework/slsa-verifier#artifacts) tool:

```shell
### Download the metadata file
curl -LO https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.intoto.jsonl

### Verify the provenance of the artifact
slsa-verifier verify-artifact <artifact> \
  --provenance-path sops-v3.11.0.intoto.jsonl \
  --source-uri github.com/getsops/sops \
  --source-tag v3.11.0
```

#### Container Images

The `sops` binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies.

These container images are available for the following architectures: `linux/amd64` and `linux/arm64`.

##### GitHub Container Registry

- `ghcr.io/getsops/sops:v3.11.0`
- `ghcr.io/getsops/sops:v3.11.0-alpine`

##### Quay.io

- `quay.io/getsops/sops:v3.11.0`
- `quay.io/getsops/sops:v3.11.0-alpine`

##### Verify container image signature

The container images are signed using [Cosign](https://docs.sigstore.dev/cosign/overview/) with GitHub OIDC. To validate the signature of an image, run the following command:

```shell
cosign verify ghcr.io/getsops/sops:v3.11.0 \
  --certificate-identity-regexp=https://github.com/getsops \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  -o text
```

##### Verify container image provenance

The container images include [SLSA provenance](https://slsa.dev/provenance/v0.2) attestations. For more information around the verification of this, please refer to the [`slsa-verifier` documentation](https://github.com/slsa-framework/slsa-verifier#containers).

#### Software Bill of Materials

The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an [SPDX](https://spdx.dev/) JSON file, formatted as `<binary>.spdx.sbom.json`.

#### What's Changed

- build(deps): Bump the go group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1845](getsops/sops#1845)
- build(deps): Bump the go group with 5 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1850](getsops/sops#1850)
- build(deps): Bump the ci group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1849](getsops/sops#1849)
- build(deps): Bump the go group with 8 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1854](getsops/sops#1854)
- build(deps): Bump tempfile from 3.19.1 to 3.20.0 in /functional-tests in the rust group by [@dependabot](https://github.com/dependabot)\[bot] in [#1853](getsops/sops#1853)
- build(deps): Bump actions/setup-go from 5.4.0 to 5.5.0 in the ci group by [@dependabot](https://github.com/dependabot)\[bot] in [#1852](getsops/sops#1852)
- use bullet points for structure by [@md42](https://github.com/md42) in [#1844](getsops/sops#1844)
- Introduce EncryptContext and DecryptContext for AWS, Azure, GCP, PGP and HashiCorp Vault by [@matheuscscp](https://github.com/matheuscscp) in [#1848](getsops/sops#1848)
- build(deps): Bump the go group with 5 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1856](getsops/sops#1856)
- build(deps): Bump the ci group with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1857](getsops/sops#1857)
- Allow injecting custom HTTP client for AWS, Azure, GCP and HashiCorp Vault by [@matheuscscp](https://github.com/matheuscscp) in [#1838](getsops/sops#1838)
- Update authors in main.go by [@jvehent](https://github.com/jvehent) in [#1860](getsops/sops#1860)
- build(deps): Bump the go group with 7 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1861](getsops/sops#1861)
- Remove unmatched '\`' from README.rst by [@wasv](https://github.com/wasv) in [#1863](getsops/sops#1863)
- build(deps): Bump the go group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1867](getsops/sops#1867)
- build(deps): Bump alpine from 3.21 to 3.22 in /.release in the docker group by [@dependabot](https://github.com/dependabot)\[bot] in [#1866](getsops/sops#1866)
- build(deps): Bump the go group with 12 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1870](getsops/sops#1870)
- build(deps): Bump github/codeql-action from 3.28.18 to 3.28.19 in the ci group by [@dependabot](https://github.com/dependabot)\[bot] in [#1869](getsops/sops#1869)
- build(deps): Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 by [@dependabot](https://github.com/dependabot)\[bot] in [#1871](getsops/sops#1871)
- build(deps): Bump the go group with 12 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1872](getsops/sops#1872)
- build(deps): Bump the ci group across 1 directory with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1874](getsops/sops#1874)
- build(deps): Bump the go group with 8 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1878](getsops/sops#1878)
- build(deps): Bump the ci group with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1879](getsops/sops#1879)
- build(deps): Bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1882](getsops/sops#1882)
- Fix Typo in README.rst by [@inverted-tree](https://github.com/inverted-tree) in [#1881](getsops/sops#1881)
- build(deps): Bump the go group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1884](getsops/sops#1884)
- build(deps): Bump the ci group with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1883](getsops/sops#1883)
- Correct Windows path to store keys.txt by [@EshemMimi](https://github.com/EshemMimi) in [#1885](getsops/sops#1885)
- build(deps): Bump the go group with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1888](getsops/sops#1888)
- build(deps): Bump the ci group with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1889](getsops/sops#1889)
- build(deps): Bump the go group with 6 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1893](getsops/sops#1893)
- Add "--value-file" option to "sops set \[...]" by [@bjornfor](https://github.com/bjornfor) in [#1876](getsops/sops#1876)
- Document XDG\_CONFIG\_HOME support on mac by [@fredericrous](https://github.com/fredericrous) in [#1897](getsops/sops#1897)
- Fix Shamir threshold encoding for INI and ENV files by [@felixfontein](https://github.com/felixfontein) in [#1899](getsops/sops#1899)
- build(deps): Bump the go group with 12 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1908](getsops/sops#1908)
- build(deps): Bump serde\_json from 1.0.140 to 1.0.142 in /functional-tests in the rust group by [@dependabot](https://github.com/dependabot)\[bot] in [#1907](getsops/sops#1907)
- build(deps): Bump the ci group with 3 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1905](getsops/sops#1905)
- Fix docs: mention all stores instead of just YAML, JSON, and BINARY by [@felixfontein](https://github.com/felixfontein) in [#1895](getsops/sops#1895)
- Ensure temporary file for editing is only read-writable by owner by [@felixfontein](https://github.com/felixfontein) in [#1903](getsops/sops#1903)
- Add `--value-stdin` option to `sops set` by [@felixfontein](https://github.com/felixfontein) in [#1894](getsops/sops#1894)
- Collect age identity loading errors and only report if decryption failed by [@felixfontein](https://github.com/felixfontein) in [#1898](getsops/sops#1898)
- add completion script. Resolves [#1868](getsops/sops#1868) by [@longxiucai](https://github.com/longxiucai) in [#1892](getsops/sops#1892)
- Resolves [#1864](getsops/sops#1864). Adds Native List as an option for configuring keys. by [@lucqui](https://github.com/lucqui) in [#1880](getsops/sops#1880)
- Fix example.yaml file by [@felixfontein](https://github.com/felixfontein) in [#1909](getsops/sops#1909)
- build(deps): Bump the go group with 15 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1912](getsops/sops#1912)
- build(deps): Bump the ci group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1911](getsops/sops#1911)
- build(deps): Bump the go group with 9 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1917](getsops/sops#1917)
- build(deps): Bump the ci group with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1916](getsops/sops#1916)
- build(deps): Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by [@dependabot](https://github.com/dependabot)\[bot] in [#1920](getsops/sops#1920)
- build(deps): Bump the go group with 14 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1923](getsops/sops#1923)
- build(deps): Bump the rust group in /functional-tests with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1921](getsops/sops#1921)
- build(deps): Bump github/codeql-action from 3.29.9 to 3.29.11 in the ci group by [@dependabot](https://github.com/dependabot)\[bot] in [#1922](getsops/sops#1922)
- Docs: remove paragraph on GPG/PGP keyservers by [@felixfontein](https://github.com/felixfontein) in [#1928](getsops/sops#1928)
- Allow to configure --enable-local-keyservice and --keyservice through env variables by [@felixfontein](https://github.com/felixfontein) in [#1930](getsops/sops#1930)
- build(deps): Bump the ci group with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1937](getsops/sops#1937)
- fix: correct destination validation logic to detect all conflicts by [@bruce-szalwinski-he](https://github.com/bruce-szalwinski-he) in [#1936](getsops/sops#1936)
- Switch from deprecated gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 by [@sylr](https://github.com/sylr) in [#1934](getsops/sops#1934)
- INI: fix converting integers to strings; improve float and time.Time formatting by [@felixfontein](https://github.com/felixfontein) in [#1929](getsops/sops#1929)
- feat(azkv): Skipping key-version will get latest key by [@daogilvie](https://github.com/daogilvie) in [#1919](getsops/sops#1919)
- Fix keyservice client for unix domain sockets by [@matheuscscp](https://github.com/matheuscscp) in [#1910](getsops/sops#1910)
- README: fix argument order by [@felixfontein](https://github.com/felixfontein) in [#1940](getsops/sops#1940)
- Allow non-complex non-string values in dotenv and exec-env by [@billy4479](https://github.com/billy4479) in [#1933](getsops/sops#1933)
- Fix mention of macOS XDG\_CONFIG\_HOME fallback by [@felixfontein](https://github.com/felixfontein) in [#1944](getsops/sops#1944)
- Improve age identity loading by [@felixfontein](https://github.com/felixfontein) in [#1931](getsops/sops#1931)
- build(deps): Bump the rust group in /functional-tests with 4 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1948](getsops/sops#1948)
- build(deps): Bump the ci group with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1949](getsops/sops#1949)
- build(deps): Bump the rust group in /functional-tests with 2 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1954](getsops/sops#1954)
- build(deps): Bump anchore/sbom-action from 0.20.5 to 0.20.6 in the ci group by [@dependabot](https://github.com/dependabot)\[bot] in [#1955](getsops/sops#1955)
- Start documenting the configuration file format by [@felixfontein](https://github.com/felixfontein) in [#1946](getsops/sops#1946)
- CI: Build with Go 1.24 and 1.25, release with 1.25 by [@felixfontein](https://github.com/felixfontein) in [#1945](getsops/sops#1945)
- build(deps): Bump the go group across 1 directory with 21 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1956](getsops/sops#1956)
- When encrypting, load the config only once by [@felixfontein](https://github.com/felixfontein) in [#1939](getsops/sops#1939)
- build(deps): Bump the go group across 1 directory with 10 updates by [@dependabot](https://github.com/dependabot)\[bot] in [#1958](getsops/sops#1958)
- Ignore encryption selection options for binary store (and warn when they are used) by [@felixfontein](https://github.com/felixfontein) in [#1927](getsops/sops#1927)
- AZKV: Also allow to omit version for AZKV keys specified in key groups by [@felixfontein](https://github.com/felixfontein) in [#1947](getsops/sops#1947)
- Complex values in dotenv, and exec-env: do not print sensitive value in error message by [@felixfontein](https://github.com/felixfontein) in [#1959](getsops/sops#1959)
- Release 3.11.0 by [@felixfontein](https://github.com/felixfontein) in [#1960](getsops/sops#1960)

#### New Contributors

- [@md42](https://github.com/md42) made their first contribution in [#1844](getsops/sops#1844)
- [@wasv](https://github.com/wasv) made their first contribution in [#1863](getsops/sops#1863)
- [@inverted-tree](https://github.com/inverted-tree) made their first contribution in [#1881](getsops/sops#1881)
- [@EshemMimi](https://github.com/EshemMimi) made their first contribution in [#1885](getsops/sops#1885)
- [@bjornfor](https://github.com/bjornfor) made their first contribution in [#1876](getsops/sops#1876)
- [@fredericrous](https://github.com/fredericrous) made their first contribution in [#1897](getsops/sops#1897)
- [@longxiucai](https://github.com/longxiucai) made their first contribution in [#1892](getsops/sops#1892)
- [@lucqui](https://github.com/lucqui) made their first contribution in [#1880](getsops/sops#1880)
- [@bruce-szalwinski-he](https://github.com/bruce-szalwinski-he) made their first contribution in [#1936](getsops/sops#1936)
- [@sylr](https://github.com/sylr) made their first contribution in [#1934](getsops/sops#1934)
- [@daogilvie](https://github.com/daogilvie) made their first contribution in [#1919](getsops/sops#1919)
- [@billy4479](https://github.com/billy4479) made their first contribution in [#1933](getsops/sops#1933)

**Full Changelog**: <getsops/sops@v3.10.2...v3.11.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
This allows running "sops set [...]" without leaking secrets in process
listings.
Fixes #729
I'm not a go programmer, please review carefully :-)
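The value-source selection this thread converges on (inline value, value read from a file, stdin only by explicit option, and no special meaning for `-`), as an added Go example that is not sops' own code. `valueSource`, `resolveValue` and `argvExposes` are hypothetical names, and the sample secret and argument vectors are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// valueSource is a hypothetical stand-in for the two flags discussed above:
// FromFile ~ "--value-file", FromStdin ~ "--value-stdin".
type valueSource struct {
	FromFile  bool
	FromStdin bool
}

// resolveValue returns the value to store. Bytes are used exactly as read, so
// a trailing newline in the file or on stdin becomes part of the value
// (an assumption of this example, not a statement about sops).
func resolveValue(src valueSource, positional []string, stdin io.Reader) (string, error) {
	switch {
	case src.FromFile && src.FromStdin:
		return "", errors.New("file and stdin sources are mutually exclusive")
	case src.FromStdin:
		// Explicit opt-in: stdin is never read just because an argument
		// is missing, so a forgotten value cannot make the tool "hang".
		if len(positional) != 0 {
			return "", errors.New("value argument not allowed when reading stdin")
		}
		b, err := io.ReadAll(stdin)
		if err != nil {
			return "", fmt.Errorf("read stdin: %w", err)
		}
		return string(b), nil
	case src.FromFile:
		if len(positional) != 1 {
			return "", errors.New("expected exactly one path argument")
		}
		// No special names: "-" is opened as a file called "-".
		b, err := os.ReadFile(positional[0])
		if err != nil {
			return "", fmt.Errorf("read value file: %w", err)
		}
		return string(b), nil
	default:
		if len(positional) != 1 {
			return "", errors.New("expected exactly one value argument")
		}
		return positional[0], nil // inline form: the value itself is in argv
	}
}

// argvExposes reports whether a secret appears in an argument vector, which
// is what a process listing can show to other users on the host.
func argvExposes(argv []string, secret string) bool {
	for _, a := range argv {
		if strings.Contains(a, secret) {
			return true
		}
	}
	return false
}

func main() {
	secret := "constructed-secret" // constructed sample value
	v, err := resolveValue(valueSource{FromStdin: true}, nil, strings.NewReader(secret))
	fmt.Println(v == secret, err)
	fmt.Println(argvExposes([]string{"tool", "set", "f.yaml", `["k"]`, secret}, secret))
	fmt.Println(argvExposes([]string{"tool", "set", "--value-file", "f.yaml", `["k"]`, "/run/s"}, secret))
}
```

With the file and stdin forms only a path or nothing at all reaches argv; the file itself still needs owner-only permissions for the secret to stay private.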