Vi Sops Dev
Quick Start
- •Start from the repo map in
references/repo-map.mdto pick the right entry point fast. - •Run the developer test loop from
references/testing.md(make test, thenmake functional-tests). - •Use
--verbose(or per-command--verbosewhere available) to enable debug logging in the CLI.
Workflow
1) Triage the user request
- •Identify whether the change is primarily:
- •CLI plumbing (
cmd/sops/...) - •crypto/tree/metadata (
sops.go,aes/,stores/) - •key provider (
kms/,gcpkms/,azkv/,hckms/,hcvault/,age/,pgp/) - •config parsing (
config/) - •keyservice / gRPC (
keyservice/,cmd/sops/subcommand/keyservice/) - •functional tests (
functional-tests/)
- •CLI plumbing (
2) Trace the execution path
- •If the behavior is user-facing, start at
cmd/sops/main.goand follow into the command implementation incmd/sops/*.go. - •If the behavior is encryption/decryption:
- •CLI calls helpers in
cmd/sops/common/(load/decrypt/encrypt). - •Core logic lives in
sops.go(Tree/Metadata, MAC, key groups, store interfaces).
- •CLI calls helpers in
3) Make a minimal reproduction
- •Prefer a small fixture (YAML/JSON/ENV/INI) in
example.*style, or use existingexample.yaml/example.json. - •Prefer unit tests (
go test ./...) for pure logic and functional tests (functional-tests/) for end-to-end CLI behavior.
4) Implement the change
- •Match existing patterns in the nearest package (key providers, stores, CLI command wiring).
- •Keep backwards compatibility in mind: encrypted-file schema + metadata fields are part of the ecosystem.
5) Validate
- •Run
make testand (when relevant)make functional-tests. Seereferences/testing.md.
Pointers
- •Repo map:
references/repo-map.md - •Testing:
references/testing.md - •Key providers:
references/key-providers.md - •Optional quick overview script:
scripts/sops-repo-map.sh