Questions tagged [mozilla-sops]

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.

SOPS (Secrets OPerationS) is a Mozilla project to securely automate the sharing and distribution of secrets and credentials in cloud environments.

https://github.com/mozilla/sops/

26 questions
5
votes
3 answers

How do I use sops as an External Tool in my IDE?

I'd like to use sops to edit files in my IDE (IntelliJ), but I'm not sure how best to set it up as an External Tool. I found these related questions: Use vscode as editor for sops How to execute External Tool in IntelliJ
5
votes
1 answer

Use vscode as editor for sops

I can't seem to get sops to work with Visual Studio Code as its editor. vscode is already in the PATH. However, sops prints the decrypted content on the console instead of opening the editor. c:\>code . ----^ this opens the Visual Studio Code…
Amir Keibi
4
votes
1 answer

Is it possible to update a SOPS-encrypted file without decrypting it first?

I'm using Mozilla SOPS to encrypt secrets, the results of which are committed to a git repo shared by the other members of a project. When using SOPS for personal projects, I am using age to encrypt/decrypt the contents of my SOPS files; if I have a…
Tyler
4
votes
1 answer

Sops unable to gcp kms decrypt file on Circleci despite GOOGLE_APPLICATION_CREDENTIALS successfully set to service account json

I am trying to configure a job on my local circleci (using docker executor, image: google/cloud-sdk:latest), and that job requires a sops gcp kms encrypted file to be decrypted. I have set up a google service account for the gcp kms decrypt service…
4
votes
1 answer

Configuring sops/helm-secrets in flux

I currently have Flux and the helm operator installed in my cluster via the helm charts. The flux deployment is monitoring a git repo where I have a .flux.yaml which I pass a folder context via the flux deployment git-path flag. This is used to run…
WMiller112
3
votes
1 answer

Allow sops encryption, but not decryption?

I'm trying to create a secrets.json file that can be checked into git. I want for my entire team to be able to add / encrypt a value to the secrets file, but not decrypt a value. We're using Google Cloud to manage access to the encryption key. When…
1
vote
1 answer

Grafana helm chart with PostgreSQL instead of SQLite 3 - How to hide the database credentials

I'm using Grafana with Helm https://github.com/grafana/helm-charts/tree/main/charts/grafana. I would like to switch from SQLite 3 to PostgreSQL as my backend database. However, I'm concerned about the security of my database credentials, which are…
1
vote
0 answers

How to integrate Mozilla Sops with Kubernetes

I want to integrate sops with Kubernetes to decrypt the K8s resource. We are using a Helm chart for deployment through Jenkins CICD. Our Kubernetes charts are placed on Git where we run a script to deploy with helm. I tried it manually but want to…
1
vote
1 answer

kustomize: how to ignore ksops in ci/cd environment?

In my project, we let developers update a repo containing all of the kubernetes manifests. The repo uses kustomize. I've decided to add a validation / lint step to our CI to catch mistakes early. To do so, I'm trying to run kustomize build on…
101010
1
vote
1 answer

Mozilla SOPS & Azure Key Vault define `.sops.yaml`

I can't find an example of how to use Azure Key Vault with Mozilla SOPS in .sops.yaml. All the examples I saw on the web and provided here https://github.com/mozilla/sops#211using-sopsyaml-conf-to-select-kmspgp-for-new-files are for AWS. Anyone saw Azure…
Alex K
1
vote
1 answer

How to use the sops provider with terraform using an array instead of a single value

I'm pretty new to Terraform. I'm trying to use the sops provider plugin for encrypting secrets from a yaml file: Sops Provider I need to create a Terraform user object for a later provisioning stage like this example: users = [{ name = "user123" …
tnuetz
1
vote
2 answers

Error from Terragrunt while calling sops_decrypt_file()

I have configured SOPS with generator: .sops.yaml creation_rules: - path_regex: \.dev\.yaml$ kms: *kms_arn* aws_profile: dev To generate a file sops secrets.dev.yaml It generates file with encryption as: hello:…
Ashok
1
vote
1 answer

Mozilla Sops fails to decrypt when triggered from Jenkins

I'm trying to use SOPS to decrypt a file using Jenkins, using this command: sops -k -d mysecret.yaml > out But then I get this output and it waits till forever: Vim: Warning: Output is not to a terminal I've tried to export some env. vars, but I…
Haitham00n
0
votes
0 answers

Using sops together with terragrunt

I know this is a bit of a generic question but I am entirely new to this and don't know where to find information regarding this, in the repo I found (https://github.com/mozilla/sops) I could not find much about this. I have a bit of trouble to…
Benny
0
votes
1 answer

Mozilla SOPS. 2 out of 3 users have to present their PGP keys to decrypt. How Alice & Bob make sure that other won't steal their private key?

Let's imagine we have configured in sops.yaml that 2 out of 3 users have to present their private keys to decrypt the encrypted values. Let's imagine a situation where Bob and Alice decided to change the file settings and before doing so they need to…
Alex K