Implement some kind of query/status option

[atruskie]

It'd be really useful to be able to query the status of a file. I'm currently using grep -q -x "sops:" file.yml to test if a file is encrypted for:

• pre-commit hook, to test if a file needs to be encrypted
• git diff, to test if a file needs to be decrypted. Just using sops -d can error if the diff is between an encrypted file and an unencrypted one with the git diff:

-        # last lines of yaml
+sops metadata not found

Relying on some generic test (like grep) is not that difficult but

• it would be harder to make portable for different formats
• it'd feel a lot nicer if sops could tell us about files itself since it already does that for error cases.

Proposal

I'm thinking something like:

$ sops --status file.yml
decrypted
$ sops -e -i file.yml
$ sops --status file.yml
encrypted

Alternate ideas

• This seems conceptually similar to the --verify option proposed in implement a sops --verify #437 but I don't really understand what problem implement a sops --verify #437 is trying to solve
• Sops could implement a --decrypt-or-cat function that would also be quiet useful and would address the git diff portion of my use case

[autrilla]

Thanks for the great writeup about the proposal.

This looks to me like it could be useful and also relatively simple to implement within sops. I would implement it as a subcommand rather than a flag (encrypt, decrypt, etc use flags for historical reasons), such as sops filestatus file.yaml. This could also potentially be extended with a --check-mac flag or something along those lines to support the needs of #437.