Unclear what is going on using common sopsdiffer, i.e. in .gitattributes. This is an issue with adding a second key, which as advertised means I should only need one of them to decrypt in the default use (i.e. not using groups).
```
**/secrets.yaml diff=sopsdiffer
```
and .git/config:
```
grep -A 1 sopsdiffer .git/config
[diff "sopsdiffer"]
    textconv = sops -d
```
This works fine with the initial GCP KMS key. When I add a second (AGE) key, it fails.
```
Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  age1n6k8uqcpnnn5826k0exxck47f55ltdv4g6yzxml7nq2jtfqvvqdq930Qfv: FAILED
    - | failed to create reader for decrypting sops data key with
      | age: no identity matched any of the recipients

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.
fatal: unable to read files to diff
```
I've confirmed that I can decrypt fine with either key alone, but what about git and textconv is making it such that a.) it ignores my GCP KMS and b.) requires the AGE?