# Community SOPS Release Notes **Topics** - v1\.8\.0 - Release Summary - Minor Changes - Bugfixes - v1\.7\.0 - Release Summary - Minor Changes - Bugfixes - v1\.6\.7 - Release Summary - Bugfixes - v1\.6\.6 - Release Summary - Bugfixes - v1\.6\.5 - Release Summary - Bugfixes - v1\.6\.4 - Release Summary - Bugfixes - v1\.6\.3 - Release Summary - Known Issues - v1\.6\.2 - Release Summary - Bugfixes - v1\.6\.1 - Release Summary - Bugfixes - v1\.6\.0 - Release Summary - Minor Changes - v1\.5\.0 - Release Summary - Minor Changes - New Playbooks - New Roles - v1\.4\.1 - Release Summary - Bugfixes - v1\.4\.0 - Release Summary - Minor Changes - v1\.3\.0 - Release Summary - Minor Changes - v1\.2\.3 - Release Summary - v1\.2\.2 - Release Summary - Bugfixes - v1\.2\.1 - Release Summary - v1\.2\.0 - Release Summary - Minor Changes - Bugfixes - v1\.1\.0 - Release Summary - Minor Changes - New Plugins - Filter - v1\.0\.6 - Release Summary - Bugfixes - v1\.0\.5 - Release Summary - Bugfixes - v1\.0\.4 - Release Summary - Security Fixes - v1\.0\.3 - Release Summary - Bugfixes - v1\.0\.2 - Release Summary - v1\.0\.1 - Release Summary - v1\.0\.0 - Release Summary - Minor Changes - v0\.2\.0 - Release Summary - Minor Changes - v0\.1\.0 - Release Summary - New Plugins - Lookup - Vars - New Modules ## v1\.8\.0 ### Release Summary Feature release for supporting improvements coming with SOPS 3\.9\.0\. ### Minor Changes * Detect SOPS 3\.9\.0 and use new decrypt and encrypt subcommands \([https\://github\.com/ansible\-collections/community\.sops/pull/190](https\://github\.com/ansible\-collections/community\.sops/pull/190)\)\. * sops vars plugin \- new option handle\_unencrypted\_files allows to control behavior when encountering unencrypted files with SOPS 3\.9\.0\+ \([https\://github\.com/ansible\-collections/community\.sops/pull/190](https\://github\.com/ansible\-collections/community\.sops/pull/190)\)\. ### Bugfixes * sops\_encrypt \- properly support path\_regex in \.sops\.yaml when SOPS 3\.9\.0 or later is used \([https\://github\.com/ansible\-collections/community\.sops/issues/153](https\://github\.com/ansible\-collections/community\.sops/issues/153)\, [https\://github\.com/ansible\-collections/community\.sops/pull/190](https\://github\.com/ansible\-collections/community\.sops/pull/190)\)\. ## v1\.7\.0 ### Release Summary Bugfix and feature release to fix installation issues with SOPS 3\.9\.0\. ### Minor Changes * sops vars plugin \- allow to configure the valid extensions with an ansible\.cfg entry or with an environment variable \([https\://github\.com/ansible\-collections/community\.sops/pull/185](https\://github\.com/ansible\-collections/community\.sops/pull/185)\)\. ### Bugfixes * Fix RPM URL for the 3\.9\.0 release \([https\://github\.com/ansible\-collections/community\.sops/pull/188](https\://github\.com/ansible\-collections/community\.sops/pull/188)\)\. ## v1\.6\.7 ### Release Summary Bugfix release\. ### Bugfixes * sops\_encrypt \- ensure that output\-type is set to yaml when the file extension \.yml is used\. Now both \.yaml and \.yml files use the SOPS \-\-output\-type\=yaml formatting \([https\://github\.com/ansible\-collections/community\.sops/issues/164](https\://github\.com/ansible\-collections/community\.sops/issues/164)\)\. ## v1\.6\.6 ### Release Summary Make fully compatible with and test against sops 3\.8\.0\. ### Bugfixes * Fix RPM URL for the 3\.8\.0 release \([https\://github\.com/ansible\-collections/community\.sops/pull/161](https\://github\.com/ansible\-collections/community\.sops/pull/161)\)\. ## v1\.6\.5 ### Release Summary Make compatible with and test against sops 3\.8\.0\-rc\.1\. ### Bugfixes * Avoid pre\-releases when picking the latest version when using the GitHub API method \([https\://github\.com/ansible\-collections/community\.sops/pull/159](https\://github\.com/ansible\-collections/community\.sops/pull/159)\)\. * Fix changed DEB and RPM URLs for 3\.8\.0 and its prerelease\(s\) \([https\://github\.com/ansible\-collections/community\.sops/pull/159](https\://github\.com/ansible\-collections/community\.sops/pull/159)\)\. ## v1\.6\.4 ### Release Summary Maintenance/bugfix release for the move of sops to the new [getsops GitHub organization](https\://github\.com/getsops)\. ### Bugfixes * install role \- fix sops\_github\_latest\_detection\=latest\-release\, which broke due to sops moving to another GitHub organization \([https\://github\.com/ansible\-collections/community\.sops/pull/151](https\://github\.com/ansible\-collections/community\.sops/pull/151)\)\. ## v1\.6\.3 ### Release Summary Maintenance release with updated documentation\. From this version on\, community\.sops is using the new [Ansible semantic markup](https\://docs\.ansible\.com/ansible/devel/dev\_guide/developing\_modules\_documenting\.html\#semantic\-markup\-within\-module\-documentation) in its documentation\. If you look at documentation with the ansible\-doc CLI tool from ansible\-core before 2\.15\, please note that it does not render the markup correctly\. You should be still able to read it in most cases\, but you need ansible\-core 2\.15 or later to see it as it is intended\. Alternatively you can look at [the devel docsite](https\://docs\.ansible\.com/ansible/devel/collections/community/sops/) for the rendered HTML version of the documentation of the latest release\. ### Known Issues * Ansible markup will show up in raw form on ansible\-doc text output for ansible\-core before 2\.15\. If you have trouble deciphering the documentation markup\, please upgrade to ansible\-core 2\.15 \(or newer\)\, or read the HTML documentation on [https\://docs\.ansible\.com/ansible/devel/collections/community/sops/](https\://docs\.ansible\.com/ansible/devel/collections/community/sops/)\. ## v1\.6\.2 ### Release Summary Maintenance release\. ### Bugfixes * install role \- make sure that the pkg\_mgr fact is definitely available when installing on localhost\. This can improve error messages in some cases \([https\://github\.com/ansible\-collections/community\.sops/issues/145](https\://github\.com/ansible\-collections/community\.sops/issues/145)\, [https\://github\.com/ansible\-collections/community\.sops/pull/146](https\://github\.com/ansible\-collections/community\.sops/pull/146)\)\. ## v1\.6\.1 ### Release Summary Maintenance release\. ### Bugfixes * action plugin helper \- fix handling of deprecations for ansible\-core 2\.14\.2 \([https\://github\.com/ansible\-collections/community\.sops/pull/136](https\://github\.com/ansible\-collections/community\.sops/pull/136)\)\. * various plugins \- remove unnecessary imports \([https\://github\.com/ansible\-collections/community\.sops/pull/133](https\://github\.com/ansible\-collections/community\.sops/pull/133)\)\. ## v1\.6\.0 ### Release Summary Feature release improving the installation role\. ### Minor Changes * install role \- add sops\_github\_latest\_detection option that allows to configure which method to use for detecting the latest release on GitHub\. By default \(auto\) first tries to retrieve a list of recent releases using the API\, and if that fails due to rate limiting\, tries to obtain the latest GitHub release from a semi\-documented URL \([https\://github\.com/ansible\-collections/community\.sops/pull/133](https\://github\.com/ansible\-collections/community\.sops/pull/133)\)\. * install role \- add sops\_github\_token option to allow passing a GitHub token\. This can for example be used to avoid rate limits when using the role in GitHub Actions \([https\://github\.com/ansible\-collections/community\.sops/pull/132](https\://github\.com/ansible\-collections/community\.sops/pull/132)\)\. * install role \- implement another method to determine the latest release on GitHub than using the GitHub API\, which can make installation fail due to rate\-limiting \([https\://github\.com/ansible\-collections/community\.sops/pull/131](https\://github\.com/ansible\-collections/community\.sops/pull/131)\)\. ## v1\.5\.0 ### Release Summary Feature release\. ### Minor Changes * Automatically install GNU Privacy Guard \(GPG\) in execution environments\. To install Mozilla sops a manual step needs to be added to the EE definition\, see the collection\'s documentation for details \([https\://github\.com/ansible\-collections/community\.sops/pull/98](https\://github\.com/ansible\-collections/community\.sops/pull/98)\)\. ### New Playbooks * community\.sops\.install \- Installs sops and GNU Privacy Guard on all remote hosts * community\.sops\.install\_localhost \- Installs sops and GNU Privacy Guard on localhost ### New Roles * community\.sops\.install \- Install Mozilla sops ## v1\.4\.1 ### Release Summary Maintenance release to improve compatibility with future ansible\-core releases\. ### Bugfixes * load\_vars \- ensure compatibility with newer versions of ansible\-core \([https\://github\.com/ansible\-collections/community\.sops/pull/121](https\://github\.com/ansible\-collections/community\.sops/pull/121)\)\. ## v1\.4\.0 ### Release Summary Feature release\. ### Minor Changes * Allow to specify age keys as age\_key\, or age keyfiles as age\_keyfile \([https\://github\.com/ansible\-collections/community\.sops/issues/116](https\://github\.com/ansible\-collections/community\.sops/issues/116)\, [https\://github\.com/ansible\-collections/community\.sops/pull/117](https\://github\.com/ansible\-collections/community\.sops/pull/117)\)\. * sops\_encrypt \- allow to specify age recipients \([https\://github\.com/ansible\-collections/community\.sops/issues/116](https\://github\.com/ansible\-collections/community\.sops/issues/116)\, [https\://github\.com/ansible\-collections/community\.sops/pull/117](https\://github\.com/ansible\-collections/community\.sops/pull/117)\)\. ## v1\.3\.0 ### Release Summary Feature release\. ### Minor Changes * All software licenses are now in the LICENSES/ directory of the collection root\, and the collection repository conforms to the [REUSE specification](https\://reuse\.software/spec/) except for the changelog fragments \([https\://github\.com/ansible\-collections/community\.crypto/sops/108](https\://github\.com/ansible\-collections/community\.crypto/sops/108)\, [https\://github\.com/ansible\-collections/community\.sops/pull/113](https\://github\.com/ansible\-collections/community\.sops/pull/113)\)\. * sops vars plugin \- added a configuration option to temporarily disable the vars plugin \([https\://github\.com/ansible\-collections/community\.sops/pull/114](https\://github\.com/ansible\-collections/community\.sops/pull/114)\)\. ## v1\.2\.3 ### Release Summary Fix formatting bug in documentation\. No code changes\. ## v1\.2\.2 ### Release Summary Maintenance release\. ### Bugfixes * Include simplified\_bsd\.txt license file for the sops module utils\. ## v1\.2\.1 ### Release Summary Maintenance release with updated documentation\. ## v1\.2\.0 ### Release Summary Collection release for inclusion in Ansible 4\.9\.0 and 5\.1\.0\. This release contains a change allowing to configure generic plugin options with ansible\.cfg keys and env variables\. ### Minor Changes * sops lookup and vars plugin \- allow to configure almost all generic options by ansible\.cfg entries and environment variables \([https\://github\.com/ansible\-collections/community\.sops/pull/81](https\://github\.com/ansible\-collections/community\.sops/pull/81)\)\. ### Bugfixes * Fix error handling in calls of the sops binary when negative errors are returned \([https\://github\.com/ansible\-collections/community\.sops/issues/82](https\://github\.com/ansible\-collections/community\.sops/issues/82)\, [https\://github\.com/ansible\-collections/community\.sops/pull/83](https\://github\.com/ansible\-collections/community\.sops/pull/83)\)\. ## v1\.1\.0 ### Release Summary A minor release for inclusion in Ansible 4\.2\.0\. ### Minor Changes * Avoid internal ansible\-core module\_utils in favor of equivalent public API available since at least Ansible 2\.9 \([https\://github\.com/ansible\-collections/community\.sops/pull/73](https\://github\.com/ansible\-collections/community\.sops/pull/73)\)\. ### New Plugins #### Filter * community\.sops\.decrypt \- Decrypt sops\-encrypted data ## v1\.0\.6 ### Release Summary This release makes the collection compatible to the latest beta release of ansible\-core 2\.11\. ### Bugfixes * action\_module plugin helper \- make compatible with latest changes in ansible\-core 2\.11\.0b3 \([https\://github\.com/ansible\-collections/community\.sops/pull/58](https\://github\.com/ansible\-collections/community\.sops/pull/58)\)\. * community\.sops\.load\_vars \- make compatible with latest changes in ansible\-core 2\.11\.0b3 \([https\://github\.com/ansible\-collections/community\.sops/pull/58](https\://github\.com/ansible\-collections/community\.sops/pull/58)\)\. ## v1\.0\.5 ### Release Summary This release fixes a bug that prevented correct YAML file to be created when the output was ending in \.yaml\. ### Bugfixes * community\.sops\.sops\_encrypt \- use output type yaml when path ends with \.yaml \([https\://github\.com/ansible\-collections/community\.sops/pull/56](https\://github\.com/ansible\-collections/community\.sops/pull/56)\)\. ## v1\.0\.4 ### Release Summary This is a security release\, fixing a potential information leak in the community\.sops\.sops\_encrypt module\. ### Security Fixes * community\.sops\.sops\_encrypt \- mark the aws\_secret\_access\_key and aws\_session\_token parameters as no\_log to avoid leakage of secrets \([https\://github\.com/ansible\-collections/community\.sops/pull/54](https\://github\.com/ansible\-collections/community\.sops/pull/54)\)\. ## v1\.0\.3 ### Release Summary This release include some fixes to Ansible docs and required changes for inclusion in Ansible\. ### Bugfixes * community\.sops\.sops lookup plugins \- fix wrong format of Ansible variables so that these are actually used \([https\://github\.com/ansible\-collections/community\.sops/pull/51](https\://github\.com/ansible\-collections/community\.sops/pull/51)\)\. * community\.sops\.sops vars plugins \- remove non\-working Ansible variables \([https\://github\.com/ansible\-collections/community\.sops/pull/51](https\://github\.com/ansible\-collections/community\.sops/pull/51)\)\. ## v1\.0\.2 ### Release Summary Fix of 1\.0\.1 release which had no changelog entry\. ## v1\.0\.1 ### Release Summary Re\-release of 1\.0\.0 to counteract error during release\. ## v1\.0\.0 ### Release Summary First stable release\. This release is expected to be included in Ansible 3\.0\.0\. ### Minor Changes * All plugins and modules\: allow to pass generic sops options with new options config\_path\, enable\_local\_keyservice\, keyservice\. Also allow to pass AWS parameters with options aws\_profile\, aws\_access\_key\_id\, aws\_secret\_access\_key\, and aws\_session\_token \([https\://github\.com/ansible\-collections/community\.sops/pull/47](https\://github\.com/ansible\-collections/community\.sops/pull/47)\)\. * community\.sops\.sops\_encrypt \- allow to pass encryption\-specific options kms\, gcp\_kms\, azure\_kv\, hc\_vault\_transit\, pgp\, unencrypted\_suffix\, encrypted\_suffix\, unencrypted\_regex\, encrypted\_regex\, encryption\_context\, and shamir\_secret\_sharing\_threshold to sops \([https\://github\.com/ansible\-collections/community\.sops/pull/47](https\://github\.com/ansible\-collections/community\.sops/pull/47)\)\. ## v0\.2\.0 ### Release Summary This release adds features for the lookup and vars plugins\. ### Minor Changes * community\.sops\.sops lookup plugin \- add empty\_on\_not\_exist option which allows to return an empty string instead of an error when the file does not exist \([https\://github\.com/ansible\-collections/community\.sops/pull/33](https\://github\.com/ansible\-collections/community\.sops/pull/33)\)\. * community\.sops\.sops vars plugin \- add option to control caching \([https\://github\.com/ansible\-collections/community\.sops/pull/32](https\://github\.com/ansible\-collections/community\.sops/pull/32)\)\. * community\.sops\.sops vars plugin \- add option to determine when vars are loaded \([https\://github\.com/ansible\-collections/community\.sops/pull/32](https\://github\.com/ansible\-collections/community\.sops/pull/32)\)\. ## v0\.1\.0 ### Release Summary First release of the community\.sops collection\! This release includes multiple plugins\: an action plugin\, a lookup plugin and a vars plugin\. ### New Plugins #### Lookup * community\.sops\.sops \- Read sops encrypted file contents #### Vars * community\.sops\.sops \- Loading sops\-encrypted vars files ### New Modules * community\.sops\.load\_vars \- Load sops\-encrypted variables from files\, dynamically within a task * community\.sops\.sops\_encrypt \- Encrypt data with sops