creation_rules from can't be matched when encrypting from stdin  #594

@adrian-gierakowski

Given a project with the following structure:

.
├── .sops.yaml
└── secrets
    └── test.json

with .sops.yaml content:

creation_rules:
  - path_regex: secrets/.*
    gcp_kms: projects/YOUR_POJECT/locations/global/keyRings/YOUR_RING/cryptoKeys/YOUR_KEY

I am not able to encrypt data from stdin into the secrets directory, for example:

cat secrets/test.json | sops --input-type json --output-type json --output secrets/test.encrypted.json -e /dev/stdin

gives me:

error loading config: no matching creation rules found

I am guessing that sops is trying to match /dev/stdin against the creation_rules from the config file (changing path_regex: secrets/.* to path_regex: .* makes it work, but that is obviously not a solution).

Here's a sample repo which can be used to reproduce the error:
https://github.com/adrian-gierakowski/sops-encrypt-from-stdin

Possible solutions

  1. match against value of --output (converted to absolute path, or path relative to config file) if present
  2. add a new flag which would take a path that could be used to match against creation rules

The latter would be more universal, as it would allow use cases where --output is not specified.

As a side note: I stumbled upon this issue while trying to write a script to re-encrypt all files in a directory after changing the creation_rules, and wanted to avoid temporarily storing unencrypted data to disk while doing it.
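
A model of the lookup the issue hypothesises and of possible solution 1, as an added example (not code from the issue or from sops). It assumes the command is run from the directory holding .sops.yaml (the hypothetical /project) and that rules are tried in order against the path relative to that directory; `creationRule`, `matchPath` and `findRule` are hypothetical names.

```go
package main

import (
	"fmt"
	"path/filepath"
	"regexp"
)

// creationRule models one creation_rules entry (hypothetical type, not sops' own).
type creationRule struct{ PathRegex, Key string }

var sampleRules = []creationRule{{"secrets/.*", "YOUR_KEY"}} // constructed sample

// matchPath implements solution 1: for stdin input, match on --output instead.
func matchPath(input, output string) string {
	if input == "/dev/stdin" && output != "" {
		return output
	}
	return input
}

// findRule returns the key of the first rule matching path relative to configDir.
func findRule(rules []creationRule, configDir, path string) (string, error) {
	abs := path
	if !filepath.IsAbs(abs) {
		abs = filepath.Join(configDir, abs) // assumption: cwd == configDir
	}
	rel, err := filepath.Rel(configDir, abs)
	if err != nil {
		return "", err
	}
	for _, r := range rules {
		ok, err := regexp.MatchString(r.PathRegex, filepath.ToSlash(rel))
		if err != nil {
			return "", fmt.Errorf("bad path_regex %q: %w", r.PathRegex, err)
		}
		if ok {
			return r.Key, nil
		}
	}
	return "", fmt.Errorf("no matching creation rules found")
}

func main() {
	for _, out := range []string{"", "secrets/test.encrypted.json"} {
		key, err := findRule(sampleRules, "/project", matchPath("/dev/stdin", out))
		fmt.Printf("output=%q key=%q err=%v\n", out, key, err)
	}
}
```

In this model /dev/stdin becomes ../dev/stdin relative to the config directory, so secrets/.* cannot match it, while the --output path selects the intended key.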
