SOPS

Mozilla SOPS is a tool that allows you to commit encrypted secrets/data to git, without having to worry.

Note to self: the agekey is stored in Vaultwarden!

Guide: https://fluxcd.io/flux/guides/mozilla-sops/#encrypting-secrets-using-age

Generate an agekey
age-keygen -o age.agekey
cat age.agekey | kubectl create secret generic sops-age
--namespace=flux-system
--from-file=age.agekey=/dev/stdin

Encrypting:

sops --age age1mq6usjzvvxvcp7tl03yjdqd0kgjhhvhz48kmg86p43nhx0jc75jssw0kfn --encrypt --encrypted-regex '^(data|stringData|annotations|host)$' --in-place

Decrypting

sops --age age1mq6usjzvvxvcp7tl03yjdqd0kgjhhvhz48kmg86p43nhx0jc75jssw0kfn --decrypt --encrypted-regex '^(data|stringData|annotations|host)$' --in-place

Troubleshooting

Mac mismatch

You can ignore the MAC mismatch:

getsops/sops#942

--ignore-mac

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sops.md

Sops.md

SOPS

Encrypting:

Decrypting

Troubleshooting

Mac mismatch

Files

Sops.md

Latest commit

History

Sops.md

File metadata and controls

SOPS

Encrypting:

Decrypting

Troubleshooting

Mac mismatch