By Samson Tanimawo, PhD
Published Jan 29, 2026
sops for Encrypted Secrets in Git
sops encrypts files for git storage.
Usage
sops encrypt --kms <key> file.yaml > file.enc.yaml encrypts a file. The key lives in AWS KMS or a similar key service.
The encrypted file is safe to commit.
Decrypt
sops decrypt --in-place file.enc.yaml decrypts in place; without --in-place the plaintext is written to stdout.
CI uses its KMS access to decrypt.
Alternatives
git-crypt for symmetric encryption. Vault for runtime secrets.
sops fits IaC and config workflows.