Implicit and explicit Google Application Default Credentials cannot be used

[ryanhos]

Google API clients have the ability to use credentials from a well-known path. This path is where the gcloud SDK writes them when you execute gcloud auth login --update-adc or gcloud auth application-default login. There is no need to set the GOOGLE_APPLICATION_CREDENTIALS envvar in this case (though you can to override the path). And from the code side, there is no client config needed for it to automatically use that credential. It Just Works(R).

PR #953 broke app default credentials while making the GCP KMS integration more CI-friendly. If one did NOT set GOOGLE_CREDENTIALS, sops would try to create the KMS client with a zero-byte JSON credentials slice, which caused a JSON parse error.

Only a small change is necessary to let #953 coexist with GOOGLE_APPLICATION_DEFAULT credentials. PR incoming.

[muhlba91]

I am running into the same issue (viaduct-ai/kustomize-sops#178) and would like to push this issue once more.
Is there any reason why your related PR does not get merged? Although there are work-arounds for this, I strongly believe that this bug should get fixed as per the expectations one has in how to setup the client environment variables.

[ryanhos]

I'm waiting for the review, just like you are. :)