SOPS is a command-line utility for managing secrets inside configuration files and other documents.
Rather than encrypting an entire structured file as an opaque blob, it preserves the document layout and stores encrypted values alongside the metadata needed to decrypt them later. That makes it well suited to Git-based infrastructure workflows, deployment pipelines, and teams that need to handle sensitive configuration using cloud KMS backends, age, or PGP.
This is free and open source software.
Key Features
- Supports AWS KMS, GCP KMS, Azure Key Vault, HuaweiCloud KMS, age, and PGP for encryption and decryption.
- Works with YAML, JSON, ENV, INI, and binary files.
- Uses .sops.yaml creation rules to apply keys and settings based on path or filename matches.
- Computes a message authentication code to help detect unauthorized additions or removals of values.
- Supports key groups with configurable Shamir Secret Sharing thresholds.
- Lets you set or unset specific paths in YAML and JSON documents from the command line.
- Includes publishing support for sending secrets to pre-configured destinations.
- Cross-platform support – runs under Linux, macOS, and Windows.
Website: github.com/getsops/sops
Support:
Developer: getsops
License: Mozilla Public License Version 2.0
SOPS is written in Go. Learn Go with our recommended free books and free tutorials.
Related Software
| CLI File Encryption Tools | |
|---|---|
| SOPS | Editor of encrypted files |
| age | Simple file encryption tool |
| GnuPG | Implementation of the OpenPGP standard |
| Sequoia PGP | Comprehensive OpenPGP implementation |
| horcrux | File splitter with encryption and redundancy |
| rage | Simple encryption tool using the age format |
| Kryptor | Simple, modern, and secure file encryption and signing tool |
| Picocrypt | Very small (hence Pico), very simple, yet very secure encryption tool |
| fscrypt | Go tool for managing Linux filesystem encryption |
| enc | Designed as a modern, approachable alternative to GnuPG |
| ccrypt | Tool for encrypting and decrypting files and streams |
| Encpipe | Billed as the simplest encryption tool in the world |
| Volaris | Encryption tool designed to prioritize privacy and security |
| eddy | Simple and fast CLI file encryption |
| Xecrets Cli | AxCrypt compatible encryption tool |
| nacrypt | Simple and easy-to-use file encryption utility |
| v02enc | Symmetric encryption for multiple recipients |
| rsecure | AES-GCM file encryption and decryption tool |
| PurrCrypt | Fur-ociously secure encryption tool |
Read our verdict in the software roundup.
| Secrets Management | |
|---|---|
| OpenBao | Manage, store, and distribute sensitive data |
| SOPS | Editor of encrypted files |
| Sealed Secrets | One-way encrypted secrets |
| Vault | Tool for securely accessing secrets |
| Infisical | Secrets management, PKI, and SSH access |
| fnox | Encrypted/remote secret manager |
| Envy | Slick TUI for browsing secrets and a CLI for automation |
| Chamber | Modern secret management solution |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |