awesome-repositories.com
Blog
awesome-repositories.com

Descoperă cele mai bune repository-uri open source cu căutare AI.

ExploreazăCăutări recomandateAlternative open-sourceSoftware self-hostedBlogHartă site
ProiectDespreCum realizăm clasamentulPresăServer MCP
LegalConfidențialitateTermeni
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
mozilla avatar

mozilla/sops

0
View on GitHub↗
22,116 stele·1,038 fork-uri·Go·MPL-2.0·3 vizualizărigetsops.io↗

Sops

Sops is a secrets encryption tool designed to encrypt and decrypt sensitive values within configuration files. It functions as a manager for secrets that integrates with cloud key vaults and PGP keys to secure data stored in version-controlled files.

The tool utilizes structure-preserving encryption to encrypt individual values while keeping the overall file format and non-sensitive keys intact. It employs a KMS-backed encryption model, interfacing with external key management services from AWS, GCP, and Azure to handle cryptographic operations without exposing private keys locally.

The project covers secret configuration management for GitOps workflows and automated secrets deployment within CI/CD pipelines. It provides a framework for metadata-driven decryption and symmetric-key envelope encryption through pluggable cryptographic backends.

Features

  • Structure-Preserving - Utilizes structure-preserving encryption to secure individual values while keeping the overall file format and non-sensitive keys intact.
  • Cloud Secret Managers - Functions as a cloud secret manager by using AWS, GCP, and Azure key vaults to encrypt version-controlled files.
  • Configuration Encryption - Acts as a configuration encryption utility to encrypt and decrypt sensitive values while preserving file structure.
  • External Key Integration - Interfaces with external key management services from AWS, GCP, and Azure to perform cryptographic operations without local key exposure.
  • GitOps Secret Management - Manages encrypted secrets within Git repositories, allowing them to be safely committed and shared across teams.
  • Cloud KMS Integrations - Integrates with AWS, GCP, and Azure key management services to handle encryption keys externally.
  • Key Management Services - Connects to external key management providers to securely store and retrieve encryption keys.
  • Secret Configuration Management - Provides secret configuration management by encrypting sensitive values within configuration files while preserving structure.
  • Secrets Deployment Pipelines - Integrates encrypted files into CI/CD pipelines to ensure only authorized environments can decrypt sensitive data.
  • Cryptographic Backends - Provides a pluggable architecture for cryptographic backends to support various encryption algorithms and key providers.
  • Envelope Encryption - Employs symmetric-key envelope encryption by using unique data keys encrypted by a master provider key.
  • Encryption Key Management - Integrates with cloud key management services to secure and rotate encryption keys for configuration files.
  • Metadata-Driven Decryption - Implements metadata-driven decryption by storing key identifiers within the encrypted files to determine the correct decryption path.
  • PGP - Supports managing encrypted secrets using PGP keys to ensure secure data transport and storage.
  • DevSecOps And Hardening - Encrypts configuration files using cloud KMS or PGP keys.
  • System Integrations - Flexible secret manager with broad ecosystem support.
  • Secret Management - Encrypted file editor supporting multiple cloud KMS providers.
  • Secrets Management - Encrypts sensitive values within common configuration file formats.

Istoric stele

Graficul istoricului de stele pentru mozilla/sopsGraficul istoricului de stele pentru mozilla/sops

Căutare AI

Explorează mai multe repository-uri excelente

Descrie ce ai nevoie în limbaj simplu — AI-ul sortează mii de proiecte open source selectate în funcție de relevanță.

Start searching with AI

Alternative open-source pentru Sops

Proiecte open-source similare, clasificate după numărul de funcționalități comune cu Sops.
  • stackexchange/blackboxAvatar StackExchange

    StackExchange/blackbox

    6,768Vezi pe GitHub↗

    Blackbox is a GPG secret management tool and asymmetric encryption wrapper used to securely store and share sensitive files within version control systems like Git, Mercurial, or Subversion. It functions as a version control secret store that encrypts files for safe storage at rest while allowing authorized users and machines to decrypt them. The system distinguishes itself by integrating directly with version control to provide plaintext diff and log visualization of encrypted files. It supports multi-recipient encryption and automated secret decryption via passphrase-less GPG subkeys, enabl

    Go
    Vezi pe GitHub↗6,768
  • bitnami-labs/sealed-secretsAvatar bitnami-labs

    bitnami-labs/sealed-secrets

    8,925Vezi pe GitHub↗

    Sealed Secrets is a Kubernetes secret encryption tool and controller designed for GitOps security. It provides a mechanism to encrypt sensitive data into specialized resources that can be safely stored in public version control systems and decrypted only within a cluster. The system uses an asymmetric encryption manager to seal secrets with a public key, ensuring that only the corresponding private key held within the cluster can unseal them. It includes utilities for security key rotation, secret re-encryption, and offline private key recovery to maintain data access during disaster recovery

    Godevops-workflowencrypt-secretsgitops
    Vezi pe GitHub↗8,925
  • agwa/git-cryptAvatar AGWA

    AGWA/git-crypt

    9,746Vezi pe GitHub↗

    git-crypt is a transparent cryptography layer and secret manager for Git repositories. It encrypts specific files so they remain as ciphertext on remote servers while appearing as plaintext in local directories. The tool uses Git attributes to define the scope of files and directories targeted for encryption. It supports both symmetric secret key encryption for shared access and asymmetric public key encryption to control decryption permissions among multiple collaborators. The system automates the encryption and decryption process through hook-based filters that trigger during commit and ch

    C++
    Vezi pe GitHub↗9,746
  • infisical/infisicalAvatar Infisical

    Infisical/infisical

    27,374Vezi pe GitHub↗

    Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive credentials and configuration data across distributed development, staging, and production environments. It employs client-side encryption to ensure that secrets remain unreadable to the underlying storage infrastructure, while providing a hierarchical permission model to govern both user and machine access. The platform distinguishes itself through dynamic credential provisioning, which generates short-lived access tokens that are automatically revoked after use. It supports

    TypeScriptacmecertificate-managementcli
    Vezi pe GitHub↗27,374
Vezi toate cele 30 alternative pentru Sops→

Întrebări frecvente

Ce face mozilla/sops?

Sops is a secrets encryption tool designed to encrypt and decrypt sensitive values within configuration files. It functions as a manager for secrets that integrates with cloud key vaults and PGP keys to secure data stored in version-controlled files.

Care sunt principalele funcționalități ale mozilla/sops?

Principalele funcționalități ale mozilla/sops sunt: Structure-Preserving, Cloud Secret Managers, Configuration Encryption, External Key Integration, GitOps Secret Management, Cloud KMS Integrations, Key Management Services, Secret Configuration Management.

Care sunt câteva alternative open-source pentru mozilla/sops?

Alternativele open-source pentru mozilla/sops includ: stackexchange/blackbox — Blackbox is a GPG secret management tool and asymmetric encryption wrapper used to securely store and share sensitive… bitnami-labs/sealed-secrets — Sealed Secrets is a Kubernetes secret encryption tool and controller designed for GitOps security. It provides a… agwa/git-crypt — git-crypt is a transparent cryptography layer and secret manager for Git repositories. It encrypts specific files so… infisical/infisical — Infisical is a centralized secrets management platform designed to store, synchronize, and control access to sensitive… gopasspw/gopass — gopass is a terminal-based password manager and GPG secret store used for generating, storing, and retrieving… hashicorp/boundary — Boundary is an identity-aware access proxy and privileged access management tool. It brokers secure network…