sops_add_metadata
Decrypts an encrypted SOPS file, adds _meta_unencrypted metadata, and re-encrypts while preserving original plaintext values. Resolves missing metadata in existing secrets files.
Instructions
Add _meta_unencrypted metadata to an existing SOPS-encrypted file that lacks it. Decrypts the file, adds metadata, and re-encrypts preserving original plaintext values. Requires SOPS_AGE_KEY env var for decryption.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| secret_metadata | Yes | Mapping of key names to metadata. Each value has 'source' ('generated', 'external', or 'derived') and optional 'description'. For 'derived', also provide 'transform' and 'from'. | |
| encrypted_content | Yes | Contents of a secrets.enc.yaml file |