tldr/pages/common/sops.md

835 B

sops

SOPS (Secrets OPerationS): a simple and flexible tool for managing secrets. More information: https://github.com/mozilla/sops.

  • Encrypt a file:

sops -e {{path/to/file.json}} > {{path/to/file.enc.json}}

  • Decrypt a file to stdout:

sops -d {{path/to/file.enc.json}}

  • Update the declared keys in a sops file:

sops updatekeys {{path/to/file.enc.yaml}}

  • Rotate data keys for a sops file:

sops -r {{path/to/file.enc.yaml}}

  • Change the extension of the file once encrypted:

sops -d --input-type json {{path/to/file.enc.json}}

  • Extract keys by naming them, and array elements by numbering them:

sops -d --extract '["an_array"][1]' {{path/to/file.enc.json}}

  • Show the difference between two sops files:

diff <(sops -d {{path/to/secret1.enc.yaml}}) <(sops -d {{path/to/secret2.enc.yaml}})