Decryption

Installation using homebrew brew install sops manual download download from GitHub https://github.com/getsops/sops/releases Using SOPS Create a sops.yaml sops.yaml creation_rules: # encrypt stuff in .secrets - aws_profile: default kms: arn:aws:kms:eu-central-1:1234567890:key/abcdefg-0123456-abcdefg (1) path_regex: ^./secrets/.*$ (2) 1 We are using AWS KMS for encryption/decryption 2 All files in the directory .secrets will be encrypted Inplace Encrypt sops -e -i .secrets/mysecret.yaml Inplace Decrypt sops -d -i .secrets/mysecret.yaml Complete Example using PGP Install GPG and create a new Key Install the GPG binaries .Linux / apt sudo apt install gnupg ...

These are not only linux snippets but also bash snippets and snippets using tools that run under Linux, *nix or sometimes even MacOSX, I should reorder this article someday ;) Settings for more reliable bash scripts set -euo pipefail this gives us …​ -e: exit script if a single command fails -u: exit script if an unset variable is used -o pipefail: return value of a pipeline is the status of the last command to exit with a non-zero status, or zero if no command exited with a non-zero status ...