# getsops/sops

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/getsops-sops).**

22,111 stars · 1,038 forks · Go · MPL-2.0

## Links

- GitHub: https://github.com/getsops/sops
- Homepage: https://getsops.io
- awesome-repositories: https://awesome-repositories.com/repository/getsops-sops.md

## Topics

`aws` `azure` `devops` `gcp` `pgp` `secret-distribution` `secret-management` `security` `sops`

## Description

sops is a command-line utility that manages sensitive data by encrypting specific values within structured files such as YAML or JSON. Because it protects only the sensitive portions of a file and leaves the structure intact, configuration files remain readable for version control systems and automated workflows.

The utility provides a secure development workflow by transparently decrypting files into memory for editing and automatically re-encrypting them upon saving, which prevents plaintext secrets from being written to the local disk. It supports a variety of encryption methods, including PGP, age, and integration with cloud-based key management services, allowing teams to choose between local offline security and managed infrastructure providers.

Beyond file-level protection, the tool automates the injection of decrypted secrets directly into the environment of child processes. It uses path-based configuration matching to apply consistent security policies across a project, ensuring that encryption parameters and key selection remain uniform throughout the development lifecycle.

## Tags

### Security & Cryptography

- [Configuration Encryption](https://awesome-repositories.com/f/security-cryptography/configuration-encryption.md) — Encrypts sensitive values within structured configuration files while maintaining file readability for version control and automated workflows.
- [Secrets Management](https://awesome-repositories.com/f/security-cryptography/secrets-management.md) — Secures sensitive data using PGP, age, or cloud KMS to prevent plaintext exposure on local disks. ([source](https://getsops.io/docs/))
- [Secret Management](https://awesome-repositories.com/f/security-cryptography/secret-management.md) — Manages sensitive application settings by encrypting values within structured files for version control.
- [Encryption Key Management](https://awesome-repositories.com/f/security-cryptography/encryption-key-management.md) — Integrates with cloud-based key management services to offload cryptographic operations and simplify secret access.
- [Data Encryption](https://awesome-repositories.com/f/security-cryptography/data-encryption.md) — Encrypts specific values within structured files while preserving the surrounding keys for version control compatibility.
- [Cryptographic Providers](https://awesome-repositories.com/f/security-cryptography/cryptographic-providers.md) — Supports multiple encryption backends like PGP and age to provide flexible key management strategies.
- [Developer Security](https://awesome-repositories.com/f/security-cryptography/developer-security.md) — Provides a secure development workflow by transparently handling encrypted configuration files.
- [Secret Encryption](https://awesome-repositories.com/f/security-cryptography/secret-encryption.md) — Protects sensitive data using local PGP or age encryption for secure offline management.

### Software Engineering & Architecture

- [Secret Injection Tools](https://awesome-repositories.com/f/software-engineering-architecture/application-lifecycle-management/configuration-management/secret-management-utilities/secret-injection-tools.md) — Injects decrypted secrets directly into child process environments to prevent plaintext exposure on disk.
- [Structured Data Encryptors](https://awesome-repositories.com/f/software-engineering-architecture/data-structures/structured-data-encryptors.md) — Protects individual values within YAML or JSON files while keeping the file structure intact. ([source](https://getsops.io/docs/))

### Data & Databases

- [Transparent Interceptors](https://awesome-repositories.com/f/data-databases/file-system-access/transparent-interceptors.md) — Decrypts files into memory for transparent editing and automatically re-encrypts them upon saving.

### Development Tools & Productivity

- [Path Matching Tools](https://awesome-repositories.com/f/development-tools-productivity/path-matching-tools.md) — Uses path-based matching to automatically apply encryption rules and security policies to specific configuration files.
