

Encrypted file editor supporting multiple formats and key providers
SOPS encrypts YAML, JSON, ENV, INI, and binary files using AWS KMS, GCP KMS, Azure Key Vault, age, and PGP, enabling secure secrets management with transparent editing.

SOPS (Secrets OPerationS) is an encrypted file editor designed for teams managing sensitive configuration data across cloud and on-premises environments. It supports YAML, JSON, ENV, INI, and binary formats, encrypting values while preserving file structure for version control and code review workflows.
SOPS integrates with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP, allowing organizations to leverage existing key management infrastructure. Multiple master keys can be configured simultaneously for redundancy and cross-region resilience. The tool transparently decrypts files for editing in your preferred editor, then re-encrypts on save.
Encrypted files remain human-readable in structure, with only sensitive values encrypted. This approach enables meaningful Git diffs, pull request reviews, and audit trails. SOPS can be used as a standalone CLI tool or integrated as a Go library via the decrypt package. Credentials are managed through standard provider SDKs and environment variables, fitting naturally into CI/CD pipelines and local development environments.
When teams consider SOPS, these hosted platforms usually appear on the same shortlist.

Cloud-native SaaS platform for unified secrets management and machine identity security

Managed service for securely storing, retrieving, and rotating application secrets (credentials, API keys, etc.)

Cloud service for secure storage and management of cryptographic keys, secrets, and certificates
Kubernetes Secret Management
Encrypt Kubernetes manifests with sensitive data, commit to Git, and decrypt during deployment pipelines while maintaining full audit history.
Multi-Region Application Configuration
Use multiple AWS KMS keys across regions to ensure configuration files remain accessible even during regional outages.
Collaborative Secret Updates
Enable team members to propose secret changes via pull requests with encrypted values visible in diffs for review workflows.
Hybrid Cloud Deployments
Manage secrets across AWS, GCP, and Azure using their respective KMS services within a single encrypted configuration file.
Yes, SOPS supports using PGP and multiple cloud KMS providers (AWS, GCP, Azure) together in the same file. The data key is encrypted separately under each configured master key, and every encrypted copy is stored in the file's metadata.
SOPS encrypts only values, leaving keys and structure intact. This produces meaningful diffs in Git, allowing code reviews of configuration changes while keeping secrets encrypted.
SOPS works with YAML, JSON, ENV, INI, and binary formats, automatically detecting the format and applying appropriate encryption to sensitive values.
SOPS uses aws-sdk-go-v2 and equivalent SDKs internally. You only need to configure credentials via standard methods like ~/.aws/credentials or environment variables.
Yes, SOPS provides a Go decrypt package that can be imported as a library for runtime decryption within applications.
Project at a glance
Active. Last synced 4 days ago.