Any way to disable probing GitHub?

[grepwood]

I'm using sops in a network environment where I will never ever in a million years be able to contact github.com directly. I'd like to be able to call sops -v without it complaining that it can't check what's the latest version.

Is there any environment variable perhaps that controls this behavior?

[grepwood]

Alright I found myself aliasing sops to sops --disable-version-check.

[felixfontein]

Yes, if you don't want sops -v to contact GitHub, you need to pass --disable-version-check.

[grepwood]

What kind of REST API call is actually used to get this info? Perhaps I could emulate it from my side of the intranet

[felixfontein]

It tries two approaches (see https://github.com/getsops/sops/blob/main/version/version.go#L136):

• First it tries https://github.com/getsops/sops/releases/latest to see where this redirects to;
• Then it tries the GitHub REST API.

[c33s]

can we please have an environment variable for that? quite uncool that a security tool leaks my ip address without consent.

[nicklasfrahm]

@c33s What should the behaviour of that environment variable be? Would you like it to be an alternative to the --disable-version-check flag?

Can you check if #1684 solves your use-case? Any non-empty value to that environment variable will disable the remote version check.

[c33s]

@nicklasfrahm yes #1684 is the behavior i was looking for.

still i would vote for opt-in instead of opt-out (eu gdpr): don't contact anything until i explicitly pass a --do-version-check flag or set the variable SOPS_ENABLE_VERSION_CHECK but i assume this would a different issue, would it?