Changelog

3.0.5

--set now works with nested data structures and not just simple values
Changed default log level to warn instead of info
Avoid creating empty files when using the editor mode to create new files and not making any changes to the example files
Output unformatted strings when using --extract instead of encoding them to yaml
Allow forcing binary input and output types from command line flags
Deprecate filename_regex in favor of path_regex. filename_regex had a bug and matched on the whole file path, when it should have only matched on the file name. path_regex on the other hand is documented to match on the whole file path.
Add an encrypted-suffix option, the exact opposite of unencrypted-suffix
Allow specifying unencrypted_suffix and encrypted_suffix rules in the .sops.yaml configuration file
Introduce key service flag optionally prompting users on encryption/decryption

Shamir secret sharing scheme support allows SOPS to require multiple master keys to access a data key and decrypt a file. See sops groups -help and the documentation in README.
Keyservice to forward access to a local master key on a socket, similar to gpg-agent. See sops keyservice --help and the documentation in README.
Encrypt comments by default
Support for Google Compute Platform KMS
Refactor of the store logic to separate the internal representation SOPS has of files from the external representation used in JSON and YAML files
Reencoding of versions as string on sops 1.X files. WARNING this change breaks backward compatibility. SOPS shows an error message with instructions on how to solve this if it happens.
Added command to reconfigure the keys used to encrypt/decrypt a file based on the .sops.yaml config file
Retrieve missing PGP keys from gpg.mozilla.org
Improved error messages for errors when decrypting files