Linux command
sops 命令
文本
涉及管道、覆盖或删除,执行前请先确认路径和参数。
常用示例
Encrypt file
sops -e [secrets.yaml] > [secrets.enc.yaml]
Decrypt file
sops -d [secrets.enc.yaml]
Edit encrypted file
sops [secrets.enc.yaml]
Encrypt with specific key
sops -e --age [age-public-key] [file.yaml]
Rotate keys
sops -r [secrets.enc.yaml]
Add KMS key
sops --add-kms [arn:aws:kms:...] [file.yaml]
说明
sops (Secrets OPerationS) encrypts files while keeping their format intact. It encrypts values but leaves keys readable, making diffs and reviews practical. The tool supports multiple key sources including AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
参数
- -e, --encrypt
- Encrypt file.
- -d, --decrypt
- Decrypt file.
- -r, --rotate
- Rotate data key.
- -i, --in-place
- Modify file in place.
- --age _key_
- Age public key.
- --pgp _key_
- PGP fingerprint.
- --kms _arn_
- AWS KMS key ARN.
- --gcp-kms _resource_
- GCP KMS key.
- --azure-kv _url_
- Azure Key Vault key.
- --input-type _type_
- Input format.
- --output-type _type_
- Output format.
FAQ
What is the sops command used for?
sops (Secrets OPerationS) encrypts files while keeping their format intact. It encrypts values but leaves keys readable, making diffs and reviews practical. The tool supports multiple key sources including AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.
How do I run a basic sops example?
Run `sops -e [secrets.yaml] > [secrets.enc.yaml]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -e, --encrypt do in sops?
Encrypt file.