sops-encryption
Install command
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill sops-encryption
Skill documentation
SOPS Encryption
Encrypt secrets in configuration files while keeping structure visible.
When to Use This Skill
Use this skill when:
- Encrypting secrets in Git
- Implementing GitOps with secrets
- Managing Kubernetes secrets as code
- Encrypting configuration files
Prerequisites
- SOPS installed
- KMS access (AWS, GCP, Azure) or PGP key
Installation
# macOS
brew install sops
# Linux
wget https://github.com/getsops/sops/releases/download/v3.8.0/sops-v3.8.0.linux.amd64
chmod +x sops-v3.8.0.linux.amd64
mv sops-v3.8.0.linux.amd64 /usr/local/bin/sops
Basic Usage
# Encrypt with AWS KMS
sops --encrypt --kms arn:aws:kms:region:account:key/key-id secrets.yaml > secrets.enc.yaml
# Decrypt
sops --decrypt secrets.enc.yaml
# Edit encrypted file
sops secrets.enc.yaml
# Encrypt in place
sops --encrypt --in-place secrets.yaml
Configuration
# .sops.yaml
# Rules are evaluated in order and the first matching path_regex wins,
# so the catch-all rule stays last.
creation_rules:
  - path_regex: .*\.prod\.yaml$
    kms: arn:aws:kms:us-east-1:account:key/prod-key
  - path_regex: .*\.dev\.yaml$
    kms: arn:aws:kms:us-east-1:account:key/dev-key
  - path_regex: .*
    pgp: fingerprint
Kubernetes Integration
# encrypted secret
apiVersion: v1
kind: Secret
metadata:
  name: myapp-secrets
type: Opaque
stringData:
  password: ENC[AES256_GCM,data:encrypted...]
sops:
  kms:
    - arn: arn:aws:kms:region:account:key/key-id
# With ArgoCD
# Install ksops plugin for ArgoCD to decrypt secrets
Best Practices
- Store .sops.yaml in repository
- Use different keys per environment
- Rotate encryption keys regularly
- Never commit unencrypted secrets
- Use key aliases for readability
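One way to enforce "Never commit unencrypted secrets" for manifests shaped like the Kubernetes example above, as an added example that is not part of the original skill: a POSIX shell guard that blocks a file unless it carries SOPS metadata and every value under data:/stringData: is an ENC[...] string. The function names and the assumption that values sit directly under those two top-level keys are illustrative.

```shell
#!/bin/sh
# Added example: pre-commit guard for SOPS-managed Kubernetes Secret manifests.
# Assumption: values live directly under top-level data:/stringData: and
# SOPS marks each encrypted value as ENC[AES256_GCM,...] as shown above.

# 0 if FILE has a top-level sops: metadata block and at least one ENC[] value.
is_sops_encrypted() {
  grep -q '^sops:' "$1" && grep -q 'ENC\[AES256_GCM,data:' "$1"
}

# Print every key under data:/stringData: whose value is not ENC[...].
plaintext_keys() {
  awk '
    /^(data|stringData):[ \t]*$/ { in_block = 1; next }
    /^[^ \t#]/                   { in_block = 0 }
    in_block && /^[ \t]+[^# \t][^:]*:/ {
      key = $0; sub(/^[ \t]+/, "", key); val = key
      sub(/:.*/, "", key); sub(/^[^:]*:[ \t]*/, "", val)
      if (val !~ /^"?ENC\[AES256_GCM,/) print key
    }' "$1"
}

# 0 if FILE is safe to commit; otherwise explain on stderr and return 1.
check_secret_file() {
  if ! is_sops_encrypted "$1"; then
    echo "BLOCK $1: no sops metadata or ENC[] values" >&2
    return 1
  fi
  leaked=$(plaintext_keys "$1")
  if [ -n "$leaked" ]; then
    echo "BLOCK $1: plaintext values for:" $leaked >&2
    return 1
  fi
}

# When run with file arguments (e.g. from .git/hooks/pre-commit), check each.
if [ "$#" -gt 0 ]; then
  status=0
  for f in "$@"; do check_secret_file "$f" || status=1; done
  exit "$status"
fi
```

Called from a pre-commit hook with the staged secret manifests as arguments, a non-zero exit aborts the commit; the check also catches a key added by hand to an already encrypted file.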
Related Skills
- hashicorp-vault – Centralized secrets
- argocd-gitops – GitOps integration