Cannot decrypt with GPG 2.2.5 and SOPS 3.0.0 #304

@lazzarello

It appears the utility is looking for a secret key in a file but my GPG installation (through macOS homebrew) uses the gpg-agent. I cannot decrypt files as demonstrated below.

$ sops --version
sops 3.0.0 (latest)

$ gpg --version
gpg (GnuPG) 2.2.5
libgcrypt 1.8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/leeazzarello/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

$ env | grep PGP
SOPS_PGP_FP=743C1E72CF94A24C27C7D9FC49D6AC0457F0CB9A

$ sops testing.yaml
[PGP]	 INFO[0000] Encryption succeeded                          fingerprint=743C1E72CF94A24C27C7D9FC49D6AC0457F0CB9A
[CMD]	 INFO[0009] File written successfully 

$ cat testing.yaml 
hello: ENC[AES256_GCM,data:/TmzpVCbKHPCXRUpPBb9ItIiWbi5YysTdabccCMI8FE+4unQSwJbO2e/ZRts8A==,iv:a3wOGugv2wHJvtKOW6fDhGQnvXzpSBVSe7Y8YK+9vQo=,tag:5S2Pt/DlMaduegSU9Pyxyg==,type:str]
example_key: ENC[AES256_GCM,data:TEd4FGk3x7tInkit/Q==,iv:Pkis1I2Kbf+UJBhfKls24YkAOVwd9VP206V9WOT289U=,tag:yltevnDwDB1H/nv0hiBDdA==,type:str]
example_array:
- ENC[AES256_GCM,data:Rh2SkgdhLQNtbnWj+Aw=,iv:Vx4zHt0TC01C3pi/53zkyF5dYPXPxmjl1Bv7aCpWXoA=,tag:NvddG4qpVhhnz0//9GkEXA==,type:str]
- ENC[AES256_GCM,data:tzCeQ2yLhkhx+MJHNBE=,iv:72KDzEwZndj4pHLRYkfaAwtJqx5iIhD8YRskNRTXKC4=,tag:4/iNuneCnRztbDboMQCRWQ==,type:str]
example_number: ENC[AES256_GCM,data:6qE9Jcd9Jwjz,iv:xfoTEIMXeI0ADpmMD/kcFPWSylsvG4SZtVVL7nmZigU=,tag:4IsksVXD/PmustXL1sJi6Q==,type:float]
example_booleans:
- ENC[AES256_GCM,data:Sm2ITw==,iv:1eNe37m3l9E4vcGUxOoMIhgtQMRRQI8LZ09MHsamzog=,tag:39Wkv315VSauqrPuOo+crw==,type:bool]
- ENC[AES256_GCM,data:X+39sbE=,iv:2s6Xhrb5qqsiDNfCPjBxhBktdDq/q47sgoDm/NDQgRw=,tag:r3/hEymjEU9iEcWHvj3yYA==,type:bool]
sops:
    kms: []
    gcp_kms: []
    lastmodified: '2018-03-06T19:13:15Z'
    mac: ENC[AES256_GCM,data:TRRFKPzatPr0s1eGRfs6vw1dZWzQ62cri9jsST3LgnmICqykONTFA6290g8ENz4bolEfHpMdw//EbTFSMpprTksqJvbCPPDQiJQ9y8rEHm7i2G6frSG8ZfmzjStmSc/BUqpyv8BLYS2/W6gUwdH4YNsAIvh+eBnnGcbKKWMYV3E=,iv:oPgVVqNySE29V09PHs+mpuaJO40wlK2sHRxNaBVWQ34=,tag:ZjmijIo2LKs+DP4g28JWhw==,type:str]
    pgp:
    -   created_at: '2018-03-06T19:13:06Z'
        enc: |
            -----BEGIN PGP MESSAGE-----

            hQIMA/6FE2S2NrqvARAAl1L6OqMA8hCHnW9meZrrJSIvrNT6Jw2I5RrPCHrEnrjB
            RVEc1WNP6EOzTMXxi51ukuhbwle6RYElIYTG1E8vIqGhqyFP3aN4oITqwBwyXKou
            qeyNwxLp/gWn29+X4KVaGNDIXRKZwx0+s8fWb1WXxNpCdCJqiNXT+ghu2b6ZZydf
            po9GORDnwPBvIFchIp/ZJLBWPZiPrAWEZzKWpIiFOLO9shS7d2AWCDqiSMLh0kRh
            bOWDImMxWYzsowBzSTRhaE7VilNZrghqwXYT/qiou95I9FFqPE/o2NIVOcC89zzB
            o+iv+SfvknMN9oq7n/6D7SeQrlf1ySiXVMRYZ+JKHYFbhN891+pYSaeUd6bs3Bjl
            T65azB+2o2hA2b1I24+uaYmJ5ROFMnGa2wBWoY8+5la94OUdM/O2ysMYOrJjw2jA
            a+U+AdjQKc/X5ZZpvbNzZGqt/qQTDYZC2wv9a14RMMXXUOCORxia+EUQinGhi1o5
            /VBf9v6qw3R4M6dOKvAUuSvXjBPqGk3mE9CX7ZXOdRAWCbb2FGIR2BHiQyYAl3pz
            TN8W/Hm8vJNElU/6U5RMLJOeAzvDBZ2aXv6Drj4l+hb2TRZOEn0F1HerD/lK57iT
            Bcbjn+Q3Gh91XemrRtxDCa1pH8OP/Nm5//YKImbatT1exNGEMu07wtusDpI+z7/S
            XgGodzJuGGIv9+48qBv2h3tWfdIbbG22L0aKsZMdziJXzGp0p/1tDFKiMF3tMpKh
            +qWT9bGPkvt38i7UzGl6Cq4teNttCK/3F5BC2cY4Xw+3fjdjG2q2fLifIUX8sE4=
            =ix0m
            -----END PGP MESSAGE-----
        fp: 743C1E72CF94A24C27C7D9FC49D6AC0457F0CB9A
    unencrypted_suffix: _unencrypted
    version: 3.0.0

$ sops -d testing.yaml 
[PGP]	 WARN[0000] Decryption failed                             fingerprint=743C1E72CF94A24C27C7D9FC49D6AC0457F0CB9A
Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  743C1E72CF94A24C27C7D9FC49D6AC0457F0CB9A: FAILED
    - | could not decrypt data key with PGP key:
      | golang.org/x/crypto/openpgp error: Could not load secring:
      | open /Users/leeazzarello/.gnupg/secring.gpg: no such file or
      | directory; GPG binary error: exit status 2

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.
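
A triage sketch for the two failures named in the error output above, added here as an example; it is not part of the original issue and not SOPS code. It reports whether a GnuPG home keeps secret keys in the legacy `secring.gpg` or in the GnuPG 2.1+ agent store. The function names are hypothetical, and the directory layout is assumed to be stock GnuPG's.

```shell
#!/bin/sh
# Added example, not SOPS code. Assumption: secret-key locations follow
# stock GnuPG layouts (secring.gpg before 2.1, private-keys-v1.d/ from 2.1 on).

# gnupg_secret_store [HOMEDIR] -> legacy-secring | agent-store | both | none
gnupg_secret_store() {
    gs_home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    gs_legacy=no
    gs_agent=no
    # secring.gpg is the file the golang.org/x/crypto/openpgp attempt in the
    # error output tried to open.
    if [ -s "$gs_home/secring.gpg" ]; then gs_legacy=yes; fi
    # GnuPG 2.1+ stores one <keygrip>.key file per secret key; gpg-agent owns them.
    for gs_f in "$gs_home"/private-keys-v1.d/*.key; do
        if [ -f "$gs_f" ]; then gs_agent=yes; break; fi
    done
    case "$gs_legacy/$gs_agent" in
        yes/yes) echo both ;;
        yes/no)  echo legacy-secring ;;
        no/yes)  echo agent-store ;;
        *)       echo none ;;
    esac
}

# sops_pgp_paths [HOMEDIR] -> one verdict line per attempt named in the SOPS error
sops_pgp_paths() {
    sp_store=$(gnupg_secret_store "$1")
    case "$sp_store" in
        legacy-secring|both) echo "openpgp-library: secring.gpg present" ;;
        *) echo "openpgp-library: secring.gpg absent (expect 'Could not load secring')" ;;
    esac
    case "$sp_store" in
        agent-store|both) echo "gpg-binary: agent store has secret keys; check the fingerprint" ;;
        *) echo "gpg-binary: no secret keys in agent store" ;;
    esac
}

# gpg_has_secret_key HOMEDIR FINGERPRINT -> yes | no | gpg-missing
gpg_has_secret_key() {
    if ! command -v gpg >/dev/null 2>&1; then echo gpg-missing; return 0; fi
    if gpg --homedir "$1" --batch --list-secret-keys --with-colons "$2" 2>/dev/null |
        grep -q '^sec:'; then echo yes; else echo no; fi
}
```

Source the file, then run `sops_pgp_paths ~/.gnupg` and `gpg_has_secret_key ~/.gnupg "$SOPS_PGP_FP"` on the affected machine.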
