suggestion for improving error messages #1900

@cowlicks

Hello, thank you for making sops so great. I gave a presentation to a team today about sops. I had someone install sops and I added their ssh key to .sops.yaml. They ran sops decrypt enc.env and got an error message similar to:

Failed to get the data key required to decrypt the SOPS file.

Group 0: FAILED
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEG+5dI8DsALemHS2lzsOo46FH2RujkJ26suU8NKDEpS blake@banjo: FAILED
    - | failed to load age identities: failed to open file: open
      | /home/blake/.config/sops/age/keys.txt: no such file or
      | directory
  
  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwiAqCZp9fAGvG2/w/UWqCpiM+aO6qO4fAs4Qcfe4nx: FAILED
    - | failed to load age identities: failed to open file: open
      | /home/blake/.config/sops/age/keys.txt: no such file or
      | directory

Recovery failed because no master key was able to decrypt the file. In
order for SOPS to recover the file, at least one key has to be successful,
but none were.

The problem was they had renamed their ssh private key to something like work_ssh_id_ed25519.

My suggestion is that, given there were only ssh keys in .sops.yaml, it would be helpful to say something like "no id_ed25519 or id_rsa could be found" in the error message and maybe suggest using SOPS_AGE_SSH_PRIVATE_KEY_FILE. This would help identify the problem more easily.
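
A preflight check for the situation reported above, as an added example that is not part of the original issue and is not sops code. It assumes the default SSH keys are `$HOME/.ssh/id_ed25519` and `$HOME/.ssh/id_rsa`, that `SOPS_AGE_SSH_PRIVATE_KEY_FILE` takes precedence over them, and that the age key file is at the path shown in the error output; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: report which identity source a sops decrypt could use,
# and suggest SOPS_AGE_SSH_PRIVATE_KEY_FILE when an SSH key was renamed.
# Assumed lookup order: env var, then default SSH key names, then keys.txt.

sops_ssh_identity_check() {
    # 1. An explicitly configured SSH private key wins if it is readable.
    if [ -n "${SOPS_AGE_SSH_PRIVATE_KEY_FILE:-}" ]; then
        if [ -r "$SOPS_AGE_SSH_PRIVATE_KEY_FILE" ]; then
            echo "using SOPS_AGE_SSH_PRIVATE_KEY_FILE=$SOPS_AGE_SSH_PRIVATE_KEY_FILE"
            return 0
        fi
        echo "SOPS_AGE_SSH_PRIVATE_KEY_FILE is set but not readable: $SOPS_AGE_SSH_PRIVATE_KEY_FILE"
        return 1
    fi

    # 2. Default SSH private key names named in the issue.
    for name in id_ed25519 id_rsa; do
        if [ -r "$HOME/.ssh/$name" ]; then
            echo "found default SSH key: $HOME/.ssh/$name"
            return 0
        fi
    done

    # 3. The age key file from the error message.
    if [ -r "$HOME/.config/sops/age/keys.txt" ]; then
        echo "found age key file: $HOME/.config/sops/age/keys.txt"
        return 0
    fi

    # Nothing usable: say so, then point at renamed private keys, if any.
    echo "no id_ed25519 or id_rsa found in $HOME/.ssh and no age keys.txt"
    for f in "$HOME"/.ssh/*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        # Only the first line is inspected; key material is never printed.
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY'; then
            echo "hint: export SOPS_AGE_SSH_PRIVATE_KEY_FILE=$f"
        fi
    done
    return 1
}
```

Source the file and run `sops_ssh_identity_check` before `sops decrypt`; a non-zero return means none of the assumed identity sources were found.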
