Sops

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

demo

at - https://github.com/mozilla/sops

Usage

Config by sops.yaml

Encrypt for this age recipient

creation_rules:
  - age: "age1m2zqnxq3zkks96ds4xrvlqgxaqff6xc5jr2nxvxka9fz0035pa2stp7psj"

With Age

use SOPS_AGE_KEY_FILE if age file is not in default directory ($HOME/Library/Application Support/sops/age/keys.txt)

SOPS_AGE_KEY_FILE=key.txt sops --config sops.yaml hello.yaml

Create new key

  • to stdout age-keygen
  • to file age-keygen -o key.txt
  • get recipient from identity file age-keygen -y key.txt