sops Command Examples

SOPS (Secrets OPerationS): a simple and flexible tool for managing secrets. More information: https://github.com/mozilla/sops.

• Encrypt a file:

sops -e {{path/to/file.json}} > {{path/to/file.enc.json}}

• Decrypt a file to stdout:

sops -d {{path/to/file.enc.json}}

• Update the declared keys in a sops file:

sops updatekeys {{path/to/file.enc.yaml}}

• Rotate data keys for a sops file:

sops -r {{path/to/file.enc.yaml}}

• Change the extension of the file once encrypted:

sops -d --input-type json {{path/to/file.enc.json}}

• Extract keys by naming them, and array elements by numbering them:

sops -d --extract '["an_array"][1]' {{path/to/file.enc.json}}

• Show the difference between two sops files:

diff <(sops -d {{path/to/secret1.enc.yaml}}) <(sops -d {{path/to/secret2.enc.yaml}})