I'm using SOPS in combination with age, a YubiKey and direnv.
Whenever I enter a directory, I decrypt & load environment variables there into the shell.
Problem is: if I configure the YubiKey to require a touch, I have to touch the YubiKey after every command because the direnv hook runs all the time.
But removing the touch requirement seems too unsafe.
For me the perfect middle ground would be to require the touch only once for every file, and then keep the decrypted stuff around for a few hours or until I log out. This could be achieved by a sops agent caching the decrypted secrets for a defined period of time in memory, and if the file did not change, instead of decrypting it again, it would directly return the cached values.
Would that be something that would fit directly into sops, or should it be implemented around it?
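The caching rule proposed in the post, as an added example that is not part of the original post or of SOPS: decrypt once, then serve the plaintext from process memory until the encrypted file changes or a TTL passes. `SecretCache`, `sops_decrypt` and the four-hour TTL are assumptions made for illustration; the default decryptor shells out to `sops -d`.

```python
import hashlib
import os
import subprocess
import time


def sops_decrypt(path):
    """Assumed decryptor: runs `sops -d`, which is what triggers the YubiKey touch."""
    return subprocess.run(["sops", "-d", path], check=True,
                          capture_output=True).stdout


class SecretCache:
    """In-memory plaintext cache (hypothetical helper, not part of sops)."""

    def __init__(self, decrypt=sops_decrypt, ttl_seconds=4 * 3600,
                 clock=time.monotonic):
        self._decrypt = decrypt
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # real path -> (ciphertext digest, expiry, plaintext)

    @staticmethod
    def _digest(path):
        # Hash the encrypted file so any edit or re-encryption invalidates the entry.
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()

    def get(self, path):
        path = os.path.realpath(path)  # symlinks and relative paths share one entry
        digest = self._digest(path)
        now = self._clock()
        entry = self._entries.get(path)
        if entry and entry[0] == digest and now < entry[1]:
            return entry[2]  # unchanged and not expired: no decrypt, no touch
        # Never seen, changed on disk, or expired: decrypt again (one touch).
        plaintext = self._decrypt(path)
        self._entries[path] = (digest, now + self._ttl, plaintext)
        return plaintext

    def purge(self, everything=False):
        """Drop expired entries, or all of them (for example on logout)."""
        now = self._clock()
        self._entries = {} if everything else {
            p: e for p, e in self._entries.items() if now < e[1]}
```

The plaintext lives only in the memory of whichever long-running process holds the `SecretCache`, so the direnv hook would have to ask that process for it instead of invoking `sops` itself.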