feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.2 ) by flowbie-bot[bot] · Pull Request #837 · aumer-amr/labv2

flowbie-bot · 2025-09-28T18:10:05Z

This PR contains the following updates:

Package	Update	Change
aqua:getsops/sops	minor	`3.10.2` → `3.12.2`

Release Notes

getsops/sops (aqua:getsops/sops)

`v3.12.2`

Compare Source

Improvements:

Dependency updates (#2085,
#2087, #2089,
#2095).

Bugfixes:

GCP: Revert the fix introduced in 3.12.0 that sets quota project to API
project in GCP KMS. This change unintentionally resulted in requiring
more permissions for GCP users. The original issue will be addressed in
another way in a future release (#2099).
Ensure to delete temporary file and directory when editing in more
situations, like when user presses Ctrl+C or SOPS receives a SIGTERM
(#2104).
Fix message that you need to enter (and not any key) after SOPS rejects
an edited file (#2098).
Reject files with sops keys when editing files (#2098).
Fix handling of --mac-only-encrypted option in subcommands (#2100).

Project changes:

CI dependency updates (#2084,
#2091, #2101,
#2106).
Rust dependency updates for functional tests (#2090,
#2105).
Improve CI workflows (#2081).

`v3.12.1`

Compare Source

This is a re-release of 3.12.0 with no code changes.

Due to a failure during the 3.12.0 release, and the commit for the 3.12.0
release already being cached by the Go infrastructure, we need to bump
the version to properly get a release out.
(We did learn this from a similar incident with the 3.10.0 release.)

`v3.12.0`

Compare Source

Features:

Add support for HuaweiCloud KMS (#2001).
GCP KMS: Add SOPS_GCP_KMS_CLIENT_TYPE environment variable support to select
between gRPC and REST clients (#1973).
Age: support hybrid post-quantum identities (#2033).
Age: pass SOPS_AGE_RECIPIENT environment variable to SOPS_AGE_KEY_CMD (#2045).
Age: add SOPS_AGE_SSH_PRIVATE_KEY_CMD environment variable (#2070).

Improvements:

Dependency updates (#1967,
#1971, #1978,
#1986, #1988,
#1991, #1993,
#2002, #2004,
#2007, #2012,
#2018, #2024,
#2029, #2037,
#2043, #2047,
#2050, #2059,
#2074, #2078).
Fix mistakes in --help output (#1975,
#1963).
Improve documentation (#1997).
Unset user's GNUPGHOME environment variable for tests (#2052).
Use age's plugin.NewTerminalUI() instead of vendoring the code (#2034).
Remove dead code during YAML loading (#2072).
Build release with Go 1.26 (#2071).

Bugfixes:

Add --decryption-order flag to exec-env, exec-file, and publish commands.
The subcommand code was using the flags, but it wasn't declared (#1965).
Fix AWS KMS encryption context not being passed when config is pre-loaded (#2021).
Fix recursive publish (#2019).
Set quota project to API project in GCP KMS (#1697).
DotEnv store now properly reports missing metadata (#2055).
AWS KMS: allow role splitting without hard-coded aws partition (#2042).

Project changes:

Add Go 1.26 to CI (#2071).
CI dependency updates (#1961,
#1966, #1970,
#1979, #1985,
#1989, #1992,
#2003, #2006,
#2010, #2011,
#2017, #2023,
#2028, #2038,
#2044, #2046,
#2049, #2058,
#2075).
Rust dependency updates for functional tests (#1962,
#2027, #2035,
#2073).

`v3.11.0`

Compare Source

Security fixes:

Ensure temporary file for editing is only read-writable by owner.
This was already the case for the directory containing the file (#1903).
Ignore encryption selection options for binary store, and warn when they are used.
In previous versions, these could have prevented the data to be encrypted (#1927).
Do not print sensitive values in error messages when trying to encrypt
complex values in DotEnv and exec-env (#1959).

Features:

Allow to set values from file with sops set --value-file (#1876,
#1940).
Allow to set values from stdin with sops set --value-stdin (#1894).
Add subcommands to create shell completion scripts (#1892).
Allow to provide keys as YAML lists instead of comma-separated strings (#1880).
Allow to configure --enable-local-keyservice and --keyservice through
environment variables (#1930).
Allow to omit AZKV key version in .sops.yaml (#1919,
#1947).
Allow non-complex non-string values in DotEnv and sops exec-env (#1933).

Improvements:

Dependency updates (#1845,
#1850, #1854,
#1856, #1861,
#1867, #1870,
#1871, #1872,
#1878, #1882,
#1884, #1888,
#1893, #1908,
#1912, #1917,
#1920, #1923,
#1956, #1958).
Docs improvements (#1844,
#1863, #1881,
#1885, #1897,
#1895, #1909,
#1928, #1944,
#1946).
Collect age identity loading errors and only report if decryption failed
(#1898).
Improve age identity loading so that age identities are loaded from all locations
(#1931).
When encrypting, parse .sops.yaml creation rule keys once (#1939).
Replace deprecated Go dependency gopkg.in/yaml.v3 with go.yaml.in/yaml/v3 (#1934).
Improve float and time.Time formatting when converting to strings
for DotEnv and INI files (#1929).

Bugfixes:

Fix Shamir threshold encoding for INI and ENV files (#1899).
Fix detection logic for destination rules to detect all conflicts (#1936).
Fix converting integers to strings (#1929).
Fix keyservice client for Unix domain sockets (#1910).

Project changes:

Go 1.23 is no longer support; CI now also builds with Go 1.25 (#1945).
CI dependency updates (#1849,
#1852, #1857,
#1866, #1869,
#1874, #1879,
#1883, #1889,
#1905, #1911,
#1916, #1922,
#1937, #1949,
#1955).
Rust dependency updates for functional tests (#1853,
#1907, #1921,
#1948, #1954).
Update authors in main.go (#1860).

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

flowbie-bot bot added renovate/github-release type/minor labels Sep 28, 2025

flowbie-bot bot force-pushed the renovate/aqua-getsops-sops-3.x branch from e10e0de to 21fabb5 Compare February 19, 2026 18:26

flowbie-bot bot changed the title ~~feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.11.0 )~~ feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.0 ) Feb 19, 2026

flowbie-bot bot force-pushed the renovate/aqua-getsops-sops-3.x branch from 21fabb5 to fc5c5fd Compare February 22, 2026 08:14

flowbie-bot bot changed the title ~~feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.0 )~~ feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.1 ) Feb 22, 2026

feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.2 )

8d5a06c

flowbie-bot bot changed the title ~~feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.1 )~~ feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.2 ) Mar 18, 2026

flowbie-bot bot force-pushed the renovate/aqua-getsops-sops-3.x branch from fc5c5fd to 8d5a06c Compare March 18, 2026 06:32

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.2 )#837

feat(github-release): update aqua:getsops/sops ( 3.10.2 → 3.12.2 )#837
flowbie-bot[bot] wants to merge 1 commit intomainfrom
renovate/aqua-getsops-sops-3.x

flowbie-bot bot commented Sep 28, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

flowbie-bot bot commented Sep 28, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v3.12.2

v3.12.1

v3.12.0

v3.11.0

Configuration

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

flowbie-bot bot commented Sep 28, 2025 •

edited

Loading

`v3.12.2`

`v3.12.1`

`v3.12.0`

`v3.11.0`