Mozilla SOPS
SOPS, short for Secrets OPerationS, is an open-source text file editor that encrypts/decrypts files automagically.
Text editors and encryption tools already exist, but using them separately is cumbersome. SOPS packages the text editor and the encryption features in one automated tool.
SOPS's ability to encrypt whole files as well as parts of structured content, such as variables in YAML, makes it powerful for use with Ansible, Kubernetes, etc.
Installing
Binaries and packages of the latest stable release are available at SOPS GitHub.
Setting up PGP keys
Install the GnuPG (GPG) CLI tool:
Create the keys:
List keys:
Export keys to file:
Import keys:
To configure SOPS, paste the public key fingerprint into $HOME/.sops.yaml (an invalid sample value is used here):
Usage
Edit file and encrypt automatically:
Run cat on the file to see that its contents have been encrypted and converted into JSON.
Encrypting the full content of a text file is powerful, but if the file contains structured data, for example:
- *.yaml
- *.json
- *.ini
- *.env
then SOPS encrypts only the content you edited, not the whole file:
The following:
Will become:
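The structured-file behaviour described above can be checked before a file is committed. The following is an added example, not code from the original page or from the SOPS project: it walks a SOPS-encrypted JSON file and reports every value that is still readable. The ENC[AES256_GCM,...] value shape, the top-level sops metadata block and the _unencrypted key suffix are SOPS defaults; the function names and the sample document are constructed for illustration.

```python
import json
import re

# Value shape SOPS writes for an encrypted leaf in a structured file.
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:[^,]+,iv:[^,]+,tag:[^,]+,type:\w+\]$")
UNENCRYPTED_SUFFIX = "_unencrypted"  # SOPS default: keys with this suffix stay readable


def plaintext_leaves(node, path=""):
    """Yield the path of every non-empty leaf that is not SOPS ciphertext."""
    if isinstance(node, dict):
        for key, value in node.items():
            if path == "" and key == "sops":
                continue  # top-level metadata block, kept in cleartext by SOPS
            if key.endswith(UNENCRYPTED_SUFFIX):
                continue  # deliberately left in cleartext
            yield from plaintext_leaves(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from plaintext_leaves(item, f"{path}[{index}]")
    elif node not in ("", None) and not (isinstance(node, str) and ENC_VALUE.match(node)):
        yield path


def check_sops_json(text):
    """Return a list of findings; an empty list means nothing readable was found."""
    doc = json.loads(text)
    meta = doc.get("sops") if isinstance(doc, dict) else None
    findings = []
    if not isinstance(meta, dict) or "mac" not in meta:
        findings.append("missing sops metadata")
    findings.extend(plaintext_leaves(doc))
    return findings


# Constructed sample: the ENC[...] strings are placeholders, not real ciphertext.
ENC = "ENC[AES256_GCM,data:c2FtcGxl,iv:aXZpdml2,tag:dGFndGFn,type:str]"
SAMPLE = json.dumps({
    "db": {"user": ENC, "password": "hunter2"},  # password was never encrypted
    "replicas_unencrypted": 3,
    "sops": {"mac": ENC, "pgp": [{"fp": "FINGERPRINT-PLACEHOLDER"}]},
})

if __name__ == "__main__":
    for finding in check_sops_json(SAMPLE):
        print("cleartext:", finding)
```

A check like this fits a pre-commit hook or CI step, where a non-empty result blocks the change.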