Respect aws_profile from Keygroup Config

[Kouzukii]

A KMS entry in a creation_rule keygroup supports setting aws_profile, but the value is not passed into the KMS MasterKey.

Fixes: #1093

[abeluck]

I can confirm that this patch fixes the bug that prevents aws_profile from working when defined in a keygroup.

sample .sops.yml

---
creation_rules:
  - key_groups:
      - kms:
        - arn: arn:aws:kms:eu-west-1......
          aws_profile: my-profile

With latest master branch or release version 2.7.3

$ sops --verbose test2.sops.yml
[AWSKMS]         INFO[0006] Encryption failed                             arn="arn:aws:kms:eu-west-1:...redacted..."
Error encrypting the data key with one or more master keys: [failed to encrypt new data key with master key "arn:aws:kms:eu-west-1:...redacted...": Failed to call KMS encryption service: NoCredentialProviders: no valid providers in chain. Deprecated.
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors]

With this patch applied

$ /workspace/go/bin/sops --verbose test2.sops.yml
[AWSKMS]         INFO[0000] Encryption succeeded                          arn="arn:aws:kms:eu-west-1:...redacted..."
[CMD]    INFO[0002] File written successfully   

[WillerWasTaken]

Oh this was the issue I had here. Would love to see it merged :)

[jgournet]

Any chance somehow can review/approve ? this would be very useful

[ajvb]

@Kouzukii can you change this to be against develop instead of master?

[Kouzukii]

@ajvb done

[jgournet]

almost there :) can someone review it please ?

[jgournet]

@ajvb : Could you review this PR please ?

[enchorb]

bump

[hiddeco]

In addition to my comment, it would be great if you could rebase and sign-off your commit as we introduced a DCO.

[hiddeco]

Addressed some tiny nits I didn't want you to bother with. Thank you very much @Kouzukii! 🍒