SOPS is a command-line utility for managing secrets inside configuration files and other documents.
Rather than encrypting an entire structured file as an opaque blob, it preserves the document layout and stores encrypted values alongside the metadata needed to decrypt them later. That makes it well suited to Git-based infrastructure workflows, deployment pipelines, and teams that need to handle sensitive configuration using cloud KMS backends, age, or PGP.
This is free and open source software.
Key Features
- Supports AWS KMS, GCP KMS, Azure Key Vault, HuaweiCloud KMS, age, and PGP for encryption and decryption.
- Works with YAML, JSON, ENV, INI, and binary files.
- Uses .sops.yaml creation rules to apply keys and settings based on path or filename matches.
- Computes a message authentication code to help detect unauthorized additions or removals of values.
- Supports key groups with configurable Shamir Secret Sharing thresholds.
- Lets you set or unset specific paths in YAML and JSON documents from the command line.
- Includes publishing support for sending secrets to pre-configured destinations.
- Cross-platform support – runs under Linux, macOS, and Windows.
Website: github.com/getsops/sops
Support:
Developer: getsops
License: Mozilla Public License Version 2.0
SOPS is written in Go. Learn Go with our recommended free books and free tutorials.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |