SOPS: Secrets OPerationS

Introduction

SOPS is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, HuaweiCloud KMS, age, and PGP. (demo)

image

image

More information on…

Backward compatibility

SOPS will remain backward compatible on the major version, meaning that all improvements brought to the 1.X and 2.X branches (current) will maintain the file format introduced in 1.0.

License

Mozilla Public License Version 2.0

Authors

SOPS was initially launched as a project at Mozilla in 2015 and has been graciously donated to the CNCF as a Sandbox project in 2023, now under the stewardship of a new group of maintainers.

The original authors of the project were:

  • Adrian Utrilla @autrilla
  • Julien Vehent @jvehent

Furthermore, the project has been carried for a long time by AJ Bahnken @ajvb, and had not been possible without the contributions of numerous contributors.

Credits

SOPS was inspired by hiera-eyaml, credstash, sneaker, password store and too many years managing PGP encrypted files by hand...

CNCF Sandbox Project CNCF Sandbox Project

We are a Cloud Native Computing Foundation sandbox project.

Installation

How to install SOPS, or build it from source

Usage

How to use SOPS.

References

More detailled information on some topics.

Security

More information on SOPS’ security model.

Contribution Guidelines

How to contribute to SOPS

Last modified May 15, 2026: Rename 'Basic usage' to 'Usage' and split it up. (5220d8d)