feat: implement SOPS provider

[euphemism]

Hey all,

This is some LLM output that I am in the process of cleaning up, but I wanted to get the draft in front of you for some initial feedback. Instead of using a re-implementation of SOPS à la rops, this uses Rust's FFI support to interop with the Go library through a C FFI. I feel more comfortable with this from a security perspective, and it allows for utilizing the full feature set/API surface of SOPS.

Closes #5

[domenkozar]

Could we for starters use sops cli?

[euphemism]

@domenkozar to clarify: Are you saying as part of an MVP to utilize the SOPS CLI and later explore this direct integration with the SOPS code, or are you saying this is a direction you don't want to go down at all? Using the CLI means requiring having that separately installed, but I suppose that's the standard approach for the integrations supported by secretspec.

[domenkozar]

I'd also be fine using sops-ffi if it was an externally maintained crate

[euphemism]

I'd also be fine using sops-ffi if it was an externally maintained crate

Ah, but I don't want to maintain it either 😅. When I get around to it I'll refactor this to assume the sops CLI is available in the environment.

[euphemism]

@domenkozar Just listened to the Devenv 2.0 Full Time Nix episode and heard you mentioning the FFI-based approach for the SOPS integration 😅.

[domenkozar]

@domenkozar Just listened to the Devenv 2.0 Full Time Nix episode and heard you mentioning the FFI-based approach for the SOPS integration 😅.

I think it's the right way long term, but I really want to maintain it separately. Maybe we create a repo on cachix and then transfer it over?

[euphemism]

@domenkozar Just listened to the Devenv 2.0 Full Time Nix episode and heard you mentioning the FFI-based approach for the SOPS integration 😅.

I think it's the right way long term, but I really want to maintain it separately. Maybe we create a repo on cachix and then transfer it over?

Okay, I've parked the current implementation at https://github.com/euphemism/secretspec/tree/sops-integration-via-ffi. I will rework this MVP to call out to the SOPS CLI.

[euphemism]

Okay, back to square one (ish). Invokes the SOPS CLI. Still need to do a heavy review and refactor pass on all of this generated code, and flesh out the test cases.

[euphemism]

Initial review and refactor done. Getting closer, not quite yet ready to transition out of draft. Some further refactoring and tests writing remains.