Mozilla SOPS

2022-08-22 · 1 min read

    Simple and flexible tool for managing secrets

    Overview

    • Store encrypted credentials in an ops git repo
    • DevOps manually "provisions" secrets by updating per-service encrypted credentials files
    • Credentials files are encrypted with a key also stored in e.g. Azure KMS (per-service creds encrypted with a key only viewable by that service in Azure KMS?)
    • When a service gets provisioned, on startup its credentials decryption key is pulled from KMS and the credentials are decrypted
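
One way to lay out the per-service setup sketched above, as an added example (not from the SOPS project or the original note): a `.sops.yaml` at the root of the ops repo that maps each service's credentials files to its own Azure Key Vault key. The service names, directory layout and vault URLs are placeholders and assumptions.

```yaml
# .sops.yaml (added example; service names, paths and vault URLs are placeholders)
#
# sops uses the first rule whose path_regex matches the file being created,
# so each service directory is bound to exactly one Key Vault key.
creation_rules:
  # Hypothetical "billing" service: its credentials files are encrypted to a
  # key in a vault dedicated to that service.
  - path_regex: ^services/billing/.*\.enc\.yaml$
    azure_keyvault: https://<billing-vault>.vault.azure.net/keys/<key-name>/<key-version>

  # Hypothetical "orders" service: different vault, different key.
  - path_regex: ^services/orders/.*\.enc\.yaml$
    azure_keyvault: https://<orders-vault>.vault.azure.net/keys/<key-name>/<key-version>

# There is deliberately no catch-all rule: a file outside these paths matches
# nothing here, so no shared default key is picked for it.
#
# Isolation between services is enforced in Azure, not in this file: grant
# each service identity decrypt rights on its own key only, and grant the
# operators who provision secrets rights on the keys they maintain.
#
# How the key is used: sops encrypts the values with a per-file data key and
# stores that data key inside the file, wrapped by the Key Vault key. Anyone
# who can read the repo but cannot use the Key Vault key sees only ciphertext.
#
# Provisioning (operator, in the ops repo):
#   sops services/billing/credentials.enc.yaml      # edit in $EDITOR, re-encrypted on save
#
# Service startup (running as the billing identity):
#   sops -d services/billing/credentials.enc.yaml   # plaintext to stdout
#   sops exec-env services/billing/credentials.enc.yaml '<start command>'
#                                                   # values passed as environment variables
```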