Is there a notion of "write only access"?

[andyren0110]

I'm thinking about this use case: everyone on the dev team could have access to a public key to add new secrets. But only specific people and our services have access to a private key to decrypt and use the secrets.

I'm calling this a notion of "write only access" since everyone could write new stuff (or maybe even updating an existing secret with a new value), but they could not read existing secret's values.

Is this something that's possible with SOPS?

[felixfontein]

It just works when just encrypting new files and not editing existing files. Editing existing files needs to be able to decrypt the file's key to encrypt the new data with the same key and update the MAC.