@pataruco
Last active July 6, 2025 15:04
SOPS operations

SOPS

Installation

brew install sops

GPG keys

Create a key

gpg --full-gen-key

Extract secret key

gpg -o <name of the file>.key --armor --export-secret-keys <email used in the previous step>

Extract public key

gpg -o <name of file>.public.key --armor --export <email>

Import a key

gpg --import <name of file>.public.key

SOPS workflow

  • Check which keys are installed on the machine
gpg --list-secret-keys
$ gpg --list-secret-keys
sec   rsa3072 2023-02-26 [SC] [expires: 2030-02-24]
      0F1A1DEF8A59B030862DC6C546FBFEC7F028456C
uid           [ultimate] Developer One <[email protected]>
ssb   rsa3072 2023-02-26 [E] [expires: 2030-02-24]
  • Get the key fingerprint and set it in a shell variable or in a SOPS manifest (.sops.yaml)
export SOPS_PGP_FP=0F1A1DEF8A59B030862DC6C546FBFEC7F028456C
# .sops.yaml
creation_rules:
  - pgp: 0F1A1DEF8A59B030862DC6C546FBFEC7F028456C

Encrypt a file

Important

Make sure that the file to be encrypted has a file extension (e.g. .dev) to avoid metadata errors like: parsing time "" as "2006-01-02T15:04:05Z07:00": cannot parse "" as "2006"

sops -e secrets.env > secrets-decrypted.env

Decrypt file

sops -d secrets-decrypted.env > .env
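
An added example, not part of the original gist: a pre-commit style check that a dotenv file really is SOPS ciphertext for the expected key fingerprint. It assumes the dotenv layout sops writes (values wrapped in ENC[AES256_GCM,...], metadata in sops_-prefixed keys); check_sops_env and both sample files are constructed for illustration.

```shell
# Added example (not from the gist): refuse dotenv files that are not SOPS
# ciphertext for the expected key. Assumed layout of sops dotenv output: values
# wrapped in ENC[AES256_GCM,...], metadata stored in sops_-prefixed keys.
check_sops_env() {  # usage: check_sops_env FILE EXPECTED_FINGERPRINT
  awk -F= -v want="$2" '
    /^[ \t]*#/ { next }                               # comments
    /^[ \t]*$/ { next }                               # blank lines
    { key = $1; val = substr($0, length(key) + 2) }   # split on the first "="
    key == "sops_lastmodified" && val != "" { stamp = 1 }
    key ~ /^sops_pgp__list_[0-9]+__map_fp$/ { if (val == want) fp = 1; next }
    key ~ /^sops_/ { next }                           # remaining metadata
    val !~ /^ENC\[AES256_GCM,.*\]$/ { print "plaintext value: " key; bad = 1 }
    END {
      if (!stamp) { print "missing sops_lastmodified metadata"; bad = 1 }
      if (!fp)    { print "not encrypted for " want; bad = 1 }
      exit bad + 0
    }' "$1"
}

FP=0F1A1DEF8A59B030862DC6C546FBFEC7F028456C   # fingerprint shown on this page
demo_dir=$(mktemp -d)

# Constructed sample with the shape of sops output (data fields are placeholders)
cat > "$demo_dir/secrets.enc.env" <<EOF
API_TOKEN=ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]
sops_lastmodified=2023-02-26T10:00:00Z
sops_mac=ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]
sops_pgp__list_0__map_fp=$FP
EOF

# Constructed sample: a plaintext dotenv file that must never be committed
printf 'API_TOKEN=hunter2\n' > "$demo_dir/plain.env"

for f in "$demo_dir"/*.env; do
  if check_sops_env "$f" "$FP" >/dev/null; then
    echo "ok to commit: $f"
  else
    echo "REFUSE: $f"
  fi
done
```

With the file names used above, secrets-decrypted.env holds the ciphertext and .env the plaintext, so the check should pass on the former and refuse the latter.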

More info

https://dev.to/davinkevin/series/7029
