Community.Sops Release Notes
v2.2.4
Release Summary
Maintenance release.
Bugfixes
Fix accidental type extensions (https://github.com/ansible-collections/community.sops/pull/269).
v2.2.3
Release Summary
Maintenance release.
Minor Changes
Note that some new code in
plugins/module_utils/_six.pyis MIT licensed (https://github.com/ansible-collections/community.sops/pull/268).
Bugfixes
Avoid using
ansible.module_utils.sixto avoid deprecation warnings with ansible-core 2.20 (https://github.com/ansible-collections/community.sops/pull/268).
v2.2.2
Release Summary
Bugfix release.
Bugfixes
Avoid deprecated functionality in ansible-core 2.20 (https://github.com/ansible-collections/community.sops/pull/260).
all modules and plugins - the default of
enable_local_keyservicechanged fromfalsetotrue, and explicitly setting it tofalsenow passes--enable-local-keyservice=false. SOPS’ default has always beentrue, and when setting this option totrueso far it resulted in passing--enable-local-keyservice, which is equivalent to--enable-local-keyservice=trueand had no effect. This means that from now on, settingenable_local_keyserviceexplicitly tofalsehas an effect. Ifenable_local_keyservicewas not set before, or was set totrue, nothing will change (https://github.com/ansible-collections/community.sops/issues/261, https://github.com/ansible-collections/community.sops/pull/262).
v2.2.1
Release Summary
Bugfix release.
Bugfixes
install role - avoid deprecated parameter value for the
ansible.builtin.urimodule (https://github.com/ansible-collections/community.sops/pull/255).
v2.2.0
Release Summary
Feature release.
Minor Changes
load_vars - expressions can now be lazily evaluated when using ansible-core 2.19 or newer (https://github.com/ansible-collections/community.sops/pull/229).
v2.1.0
Release Summary
Feature release.
Minor Changes
Now supports specifying SSH private keys for age with the new
age_ssh_private_keyfileoption (https://github.com/ansible-collections/community.sops/pull/241).
v2.0.5
Release Summary
Maintenance release with updated SOPS version test coverage.
v2.0.4
Release Summary
Maintenance release with Data Tagging support.
Bugfixes
load_vars - make evaluation compatible with Data Tagging in upcoming ansible-core release (https://github.com/ansible-collections/community.sops/pull/225).
v2.0.3
Release Summary
Bugfix release.
Bugfixes
install role -
sops_install_on_localhost=falsewas not working properly if the role was running on more than one host due to a bug in ansible-core (https://github.com/ansible-collections/community.sops/issues/223, https://github.com/ansible-collections/community.sops/pull/224).
v2.0.2
Release Summary
Bugfix release.
Bugfixes
install role - when used with Debian on ARM architecture, the architecture name is now correctly translated from
aarch64toarm64(https://github.com/ansible-collections/community.sops/issues/220, https://github.com/ansible-collections/community.sops/pull/221).
v2.0.1
Release Summary
Maintenance release with updated documentation.
v2.0.0
Release Summary
Major verison that drops support for End of Life Ansible/ansible-base/ansible-core versions.
Removed Features (previously deprecated)
The collection no longer supports Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14. If you need to continue using End of Life versions of Ansible/ansible-base/ansible-core, please use community.sops 1.x.y (https://github.com/ansible-collections/community.sops/pull/206).
v1.9.1
Release Summary
Bugfix release.
Bugfixes
sops_encrypt - pass absolute paths to
module.atomic_move()(https://github.com/ansible/ansible/issues/83950, https://github.com/ansible-collections/community.sops/pull/208).
v1.9.0
Release Summary
Feature release.
Minor Changes
decrypt filter plugin - now supports the input and output type
ini(https://github.com/ansible-collections/community.sops/pull/204).sops lookup plugin - new option
extractallows extracting a single key out of a JSON or YAML file, equivalent to sops’decrypt --extract(https://github.com/ansible-collections/community.sops/pull/200).sops lookup plugin - now supports the input and output type
ini(https://github.com/ansible-collections/community.sops/pull/204).
v1.8.2
Release Summary
Maintenance release with updated documentation and changelog.
Deprecated Features
The collection deprecates support for all Ansible/ansible-base/ansible-core versions that are currently End of Life, according to the ansible-core support matrix. This means that the next major release of the collection will no longer support Ansible 2.9, ansible-base 2.10, ansible-core 2.11, ansible-core 2.12, ansible-core 2.13, and ansible-core 2.14.
v1.8.1
Release Summary
Bugfix release.
Bugfixes
Pass
config_pathon SOPS 3.9.0 before the subcommand instead of after it (https://github.com/ansible-collections/community.sops/issues/195, https://github.com/ansible-collections/community.sops/pull/197).
v1.8.0
Release Summary
Feature release for supporting improvements coming with SOPS 3.9.0.
Minor Changes
Detect SOPS 3.9.0 and use new
decryptandencryptsubcommands (https://github.com/ansible-collections/community.sops/pull/190).sops vars plugin - new option
handle_unencrypted_filesallows to control behavior when encountering unencrypted files with SOPS 3.9.0+ (https://github.com/ansible-collections/community.sops/pull/190).
Bugfixes
sops_encrypt - properly support
path_regexin.sops.yamlwhen SOPS 3.9.0 or later is used (https://github.com/ansible-collections/community.sops/issues/153, https://github.com/ansible-collections/community.sops/pull/190).
v1.7.0
Release Summary
Bugfix and feature release to fix installation issues with SOPS 3.9.0.
Minor Changes
sops vars plugin - allow to configure the valid extensions with an
ansible.cfgentry or with an environment variable (https://github.com/ansible-collections/community.sops/pull/185).
Bugfixes
Fix RPM URL for the 3.9.0 release (https://github.com/ansible-collections/community.sops/pull/188).
v1.6.7
Release Summary
Bugfix release.
Bugfixes
sops_encrypt - ensure that output-type is set to
yamlwhen the file extension.ymlis used. Now both.yamland.ymlfiles use the SOPS--output-type=yamlformatting (https://github.com/ansible-collections/community.sops/issues/164).
v1.6.6
Release Summary
Make fully compatible with and test against sops 3.8.0.
Bugfixes
Fix RPM URL for the 3.8.0 release (https://github.com/ansible-collections/community.sops/pull/161).
v1.6.5
Release Summary
Make compatible with and test against sops 3.8.0-rc.1.
Bugfixes
Avoid pre-releases when picking the latest version when using the GitHub API method (https://github.com/ansible-collections/community.sops/pull/159).
Fix changed DEB and RPM URLs for 3.8.0 and its prerelease(s) (https://github.com/ansible-collections/community.sops/pull/159).
v1.6.4
Release Summary
Maintenance/bugfix release for the move of sops to the new getsops GitHub organization.
Bugfixes
install role - fix
sops_github_latest_detection=latest-release, which broke due to sops moving to another GitHub organization (https://github.com/ansible-collections/community.sops/pull/151).
v1.6.3
Release Summary
Maintenance release with updated documentation.
From this version on, community.sops is using the new Ansible semantic markup in its documentation. If you look at documentation with the ansible-doc CLI tool from ansible-core before 2.15, please note that it does not render the markup correctly. You should be still able to read it in most cases, but you need ansible-core 2.15 or later to see it as it is intended. Alternatively you can look at the devel docsite for the rendered HTML version of the documentation of the latest release.
Known Issues
Ansible markup will show up in raw form on ansible-doc text output for ansible-core before 2.15. If you have trouble deciphering the documentation markup, please upgrade to ansible-core 2.15 (or newer), or read the HTML documentation on https://docs.ansible.com/ansible/devel/collections/community/sops/.
v1.6.2
Release Summary
Maintenance release.
Bugfixes
install role - make sure that the
pkg_mgrfact is definitely available when installing onlocalhost. This can improve error messages in some cases (https://github.com/ansible-collections/community.sops/issues/145, https://github.com/ansible-collections/community.sops/pull/146).
v1.6.1
Release Summary
Maintenance release.
Bugfixes
action plugin helper - fix handling of deprecations for ansible-core 2.14.2 (https://github.com/ansible-collections/community.sops/pull/136).
various plugins - remove unnecessary imports (https://github.com/ansible-collections/community.sops/pull/133).
v1.6.0
Release Summary
Feature release improving the installation role.
Minor Changes
install role - add
sops_github_latest_detectionoption that allows to configure which method to use for detecting the latest release on GitHub. By default (auto) first tries to retrieve a list of recent releases using the API, and if that fails due to rate limiting, tries to obtain the latest GitHub release from a semi-documented URL (https://github.com/ansible-collections/community.sops/pull/133).install role - add
sops_github_tokenoption to allow passing a GitHub token. This can for example be used to avoid rate limits when using the role in GitHub Actions (https://github.com/ansible-collections/community.sops/pull/132).install role - implement another method to determine the latest release on GitHub than using the GitHub API, which can make installation fail due to rate-limiting (https://github.com/ansible-collections/community.sops/pull/131).
v1.5.0
Release Summary
Feature release.
Minor Changes
Automatically install GNU Privacy Guard (GPG) in execution environments. To install Mozilla sops a manual step needs to be added to the EE definition, see the collection’s documentation for details (https://github.com/ansible-collections/community.sops/pull/98).
New Playbooks
community.sops.install - Installs sops and GNU Privacy Guard on all remote hosts
community.sops.install_localhost - Installs sops and GNU Privacy Guard on localhost
New Roles
community.sops.install - Install Mozilla sops
v1.4.1
Release Summary
Maintenance release to improve compatibility with future ansible-core releases.
Bugfixes
load_vars - ensure compatibility with newer versions of ansible-core (https://github.com/ansible-collections/community.sops/pull/121).
v1.4.0
Release Summary
Feature release.
Minor Changes
Allow to specify age keys as
age_key, or age keyfiles asage_keyfile(https://github.com/ansible-collections/community.sops/issues/116, https://github.com/ansible-collections/community.sops/pull/117).sops_encrypt - allow to specify age recipients (https://github.com/ansible-collections/community.sops/issues/116, https://github.com/ansible-collections/community.sops/pull/117).
v1.3.0
Release Summary
Feature release.
Minor Changes
All software licenses are now in the
LICENSES/directory of the collection root, and the collection repository conforms to the REUSE specification except for the changelog fragments (https://github.com/ansible-collections/community.crypto/sops/108, https://github.com/ansible-collections/community.sops/pull/113).sops vars plugin - added a configuration option to temporarily disable the vars plugin (https://github.com/ansible-collections/community.sops/pull/114).
v1.2.3
Release Summary
Fix formatting bug in documentation. No code changes.
v1.2.2
Release Summary
Maintenance release.
Bugfixes
Include
simplified_bsd.txtlicense file for thesopsmodule utils.
v1.2.1
Release Summary
Maintenance release with updated documentation.
v1.2.0
Release Summary
Collection release for inclusion in Ansible 4.9.0 and 5.1.0.
This release contains a change allowing to configure generic plugin options with ansible.cfg keys and env variables.
Minor Changes
sops lookup and vars plugin - allow to configure almost all generic options by ansible.cfg entries and environment variables (https://github.com/ansible-collections/community.sops/pull/81).
Bugfixes
Fix error handling in calls of the
sopsbinary when negative errors are returned (https://github.com/ansible-collections/community.sops/issues/82, https://github.com/ansible-collections/community.sops/pull/83).
v1.1.0
Release Summary
A minor release for inclusion in Ansible 4.2.0.
Minor Changes
Avoid internal ansible-core module_utils in favor of equivalent public API available since at least Ansible 2.9 (https://github.com/ansible-collections/community.sops/pull/73).
New Plugins
Filter
community.sops.decrypt - Decrypt sops-encrypted data
v1.0.6
Release Summary
This release makes the collection compatible to the latest beta release of ansible-core 2.11.
Bugfixes
action_module plugin helper - make compatible with latest changes in ansible-core 2.11.0b3 (https://github.com/ansible-collections/community.sops/pull/58).
community.sops.load_vars - make compatible with latest changes in ansible-core 2.11.0b3 (https://github.com/ansible-collections/community.sops/pull/58).
v1.0.5
Release Summary
This release fixes a bug that prevented correct YAML file to be created when the output was ending in .yaml.
Bugfixes
community.sops.sops_encrypt - use output type
yamlwhen path ends with.yaml(https://github.com/ansible-collections/community.sops/pull/56).
v1.0.4
Release Summary
This is a security release, fixing a potential information leak in the community.sops.sops_encrypt module.
Security Fixes
community.sops.sops_encrypt - mark the
aws_secret_access_keyandaws_session_tokenparameters asno_logto avoid leakage of secrets (https://github.com/ansible-collections/community.sops/pull/54).
v1.0.3
Release Summary
This release include some fixes to Ansible docs and required changes for inclusion in Ansible.
Bugfixes
community.sops.sops lookup plugins - fix wrong format of Ansible variables so that these are actually used (https://github.com/ansible-collections/community.sops/pull/51).
community.sops.sops vars plugins - remove non-working Ansible variables (https://github.com/ansible-collections/community.sops/pull/51).
v1.0.2
Release Summary
Fix of 1.0.1 release which had no changelog entry.
v1.0.1
Release Summary
Re-release of 1.0.0 to counteract error during release.
v1.0.0
Release Summary
First stable release. This release is expected to be included in Ansible 3.0.0.
Minor Changes
All plugins and modules: allow to pass generic sops options with new options
config_path,enable_local_keyservice,keyservice. Also allow to pass AWS parameters with optionsaws_profile,aws_access_key_id,aws_secret_access_key, andaws_session_token(https://github.com/ansible-collections/community.sops/pull/47).community.sops.sops_encrypt - allow to pass encryption-specific options
kms,gcp_kms,azure_kv,hc_vault_transit,pgp,unencrypted_suffix,encrypted_suffix,unencrypted_regex,encrypted_regex,encryption_context, andshamir_secret_sharing_thresholdto sops (https://github.com/ansible-collections/community.sops/pull/47).
v0.2.0
Release Summary
This release adds features for the lookup and vars plugins.
Minor Changes
community.sops.sops lookup plugin - add
empty_on_not_existoption which allows to return an empty string instead of an error when the file does not exist (https://github.com/ansible-collections/community.sops/pull/33).community.sops.sops vars plugin - add option to control caching (https://github.com/ansible-collections/community.sops/pull/32).
community.sops.sops vars plugin - add option to determine when vars are loaded (https://github.com/ansible-collections/community.sops/pull/32).
v0.1.0
Release Summary
First release of the community.sops collection!
This release includes multiple plugins: an action plugin, a lookup plugin and a vars plugin.
New Plugins
Lookup
community.sops.sops - Read sops encrypted file contents
Vars
community.sops.sops - Loading sops-encrypted vars files
New Modules
community.sops.load_vars - Load sops-encrypted variables from files, dynamically within a task
community.sops.sops_encrypt - Encrypt data with sops