sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.

Automating the distribution of secrets and credentials to components of an infrastructure is a hard problem, particularly when these systems follow DevOps principles and are created and destroyed without human intervention. The issue boils down to establishing the initial trust of a system that has just joined the infrastructure, and providing it access to the secrets it needs to configure itself.

SOPS can be used to encrypt YAML, JSON and BINARY files. In BINARY mode, the content of the file is treated as a blob, the same way PGP would encrypt an entire file. In YAML and JSON modes, however, the content of the file is manipulated as a tree where keys are stored in cleartext, and values are encrypted. 
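
An added example (not SOPS's own code): a pre-commit style check that walks a JSON document and reports every leaf value that is not wrapped in the `ENC[AES256_GCM,...]` envelope SOPS writes for encrypted values. The function name and the sample document are constructed for illustration; the check is strict and assumes SOPS defaults (a top-level `sops` metadata block and the `_unencrypted` key suffix).

```python
import json
import re

# Envelope SOPS writes in place of each encrypted leaf value.
ENVELOPE = re.compile(
    r"^ENC\[AES256_GCM,data:[^,\]]*,iv:[^,\]]+,tag:[^,\]]+,"
    r"type:(str|int|float|bool|bytes|comment)\]$"
)
METADATA_KEY = "sops"                # top-level metadata block, kept in cleartext
UNENCRYPTED_SUFFIX = "_unencrypted"  # assumed default suffix for cleartext keys


def find_plaintext_leaves(node, path="", top=True):
    """Return the paths of leaf values that are not SOPS envelopes."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            if (top and key == METADATA_KEY) or key.endswith(UNENCRYPTED_SUFFIX):
                continue  # intentionally cleartext subtree
            findings += find_plaintext_leaves(value, f"{path}/{key}", False)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            findings += find_plaintext_leaves(value, f"{path}/{i}", False)
    elif not (isinstance(node, str) and ENVELOPE.match(node)):
        findings.append(path)  # scalar stored as-is: a leaked secret candidate
    return findings


# Constructed sample: a partly encrypted file with two secrets left in cleartext.
SAMPLE = json.loads("""
{
  "db": {
    "user": "ENC[AES256_GCM,data:Q09OU1RSVUNURUQ=,iv:Q09OU1RSVUNURUQ=,tag:Q09OU1RSVUNURUQ=,type:str]",
    "password": "constructed-plaintext",
    "port": 5432
  },
  "hosts": ["ENC[AES256_GCM,data:Q09OU1RSVUNURUQ=,iv:Q09OU1RSVUNURUQ=,tag:Q09OU1RSVUNURUQ=,type:str]", "10.0.0.5"],
  "owner_unencrypted": "platform-team",
  "sops": {"version": "constructed-sample"}
}
""")

if __name__ == "__main__":
    for leaf in find_plaintext_leaves(SAMPLE):
        print("plaintext value at", leaf)
```

Because keys stay readable, the reported paths point directly at the offending field without decrypting anything.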

Sometimes, users want to be able to tell what files were accessed by whom in an environment they control. For this reason, the tool may generate audit logs to record activity on encrypted files. When enabled, SOPS will write a log entry into a pre-configured PostgreSQL database when a file is decrypted. The log includes a timestamp, the username SOPS is running as, and the file that was decrypted.

