XML is still widely used for configuration in Java/JVM ecosystems. The company I work for uses it to define part of the configurations of such an application.
Currently, teams working with XML config files that contain secrets must either convert to a supported format before encrypting with SOPS, or fall back to BINARY mode which loses the structured diff and selective encryption benefits.
Proposal
Add an xml store alongside the existing json, yaml, ini, and dotenv stores. The implementation would:
- Map XML elements to SOPS tree branches, attributes to
@-prefixed keys, and text content to #text keys
- Support repeated same-name elements as arrays
- Preserve XML comments
- Store
sops metadata as a <sops> child element of the root (consistent with how other structured formats handle it)
- Reject mixed content (interleaved text and child elements) with a clear error, as this pattern is more common in document markup (HTML, DocBook) rather than in configuration files
- Use Go's standard
encoding/xml for parsing/emission (no new dependencies)
I have a working implementation based on the existing store architecture (modeled after the INI store for metadata flattening and the JSON store for hierarchical tree construction). Happy to open a PR if there's interest.
XML is still widely used for configuration in Java/JVM ecosystems. The company I work for uses it to define part of the configurations of such an application.
Currently, teams working with XML config files that contain secrets must either convert to a supported format before encrypting with SOPS, or fall back to BINARY mode which loses the structured diff and selective encryption benefits.
Proposal
Add an
xmlstore alongside the existingjson,yaml,ini, anddotenvstores. The implementation would:@-prefixed keys, and text content to#textkeyssopsmetadata as a<sops>child element of the root (consistent with how other structured formats handle it)encoding/xmlfor parsing/emission (no new dependencies)I have a working implementation based on the existing store architecture (modeled after the INI store for metadata flattening and the JSON store for hierarchical tree construction). Happy to open a PR if there's interest.