Skip to content

🔑 SOPS

SOPS is used to encrypt and decrypt secrets in my homelab.

Typically, my secrets are kept in .env files that are read as environmental variables and then used my configs.

Other files are encrypted that have secrets, such as yaml config or sqlite db files.

age is my encryption of choice.

🛠 Installation

apt install sops

brew install sops

⚙ Config

🔑 Keys

~/.config/sops/age/keys.txt

(
  [ -d ~/.config/sops/age ] || mkdir -p ~/.config/sops/age
  scp [email protected]/home/nicholas/.config/sops/age/keys.txt ~/.config/sops/age/
)

(
  [ -d ~/.config/sops/age ] || mkdir -p ~/.config/sops/age
  lpass show sops-age --attach=att-2571789250549588435-38084 -q > ~/.config/sops/age/keys.txt
)

.sops.yaml

---
creation_rules:
  - filename_regex: \.yaml$
    age: 'age1x2at6wwq2gks47fsep9a25emdeqd93e3k0gfsswtmhruqrteu5jqjvy7kd'
  - filename_regex: \.db$
    age: 'age1x2at6wwq2gks47fsep9a25emdeqd93e3k0gfsswtmhruqrteu5jqjvy7kd'

📝 Usage

🔒 Encrypt

task encrypt

sops -e .env > .env.enc

🔐 Decrypt

task decrypt

sops -d --input-type dotenv --output-type dotenv .env.enc > .env

🔗 References