Zizizizz | 7 days ago

https://github.com/getsops/sops

This software has done this for years

chrismatic|7 days ago

We just recently adopted this and it's crazy to me how I spent years just copying around gitignored .env files and sharing 1password links. Highly underrated tool.

SOLAR_FIELDS|6 days ago

For a long time, up until about a couple of years ago, the project had stagnated and was missing some pretty critical features. I'd say it was only halfway usable until then and it doesn't have near the ecosystem that things like HashiCorp Vault do. But for my self-hosted infra stuff it is perfect. It just really doesn't gel well with compliance frameworks and audits, mainly because the auditability of the solution goes out the window the second someone is able to decrypt the secret - its access patterns are untraceable. These auditors really prefer to see a situation where access to the secret is tightly controlled and audited on rotation and sops, by nature of how it works, cannot really easily offer that.

berkes|7 days ago

Has done "wat" for years?

I use sops for encrypting yaml files. But how does it replace .env or other ENV var setters/holders?

chrismatic|7 days ago

Sops can natively handle .env files. All you need to apply them to your process is a small wrapper script that sources the decrypted file before invoking your command.
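
A sketch of the kind of wrapper described in the comment above, added here as an example and not code from the thread or from the sops project. It parses the decrypted `KEY=VALUE` lines instead of sourcing them, so a value containing `$(...)` is never executed; the function names are hypothetical and sops is assumed to be installed and able to decrypt the file.

```sh
#!/bin/sh
# Added example: run a command with secrets from a sops-encrypted dotenv file.
# Assumption: sops is installed and holds a key that can decrypt the file.

# Decrypt to stdout; this script itself never writes the plaintext to a file.
decrypt_dotenv() {
  sops -d --input-type dotenv --output-type dotenv "$1"
}

# Export KEY=VALUE lines from the text in $1. Lines are parsed, not sourced, so
# "$(...)" or backticks inside a value stay literal text and are never run.
# Values are taken verbatim (surrounding quotes are not stripped).
# Returns 1 if any line is malformed, so the caller can fail closed.
load_dotenv() {
  _nl='
'
  _old_ifs=$IFS; IFS=$_nl; set -f; _rc=0
  for _line in $1; do              # split on newlines only; blank lines vanish
    case $_line in '#'*) continue ;; esac          # comment line
    _key=${_line%%=*}
    case $_line in *=*) ;; *) _key='' ;; esac      # no '=' at all: malformed
    case $_key in
      ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) _rc=1 ;;     # not a valid variable name
      *) export "$_key=${_line#*=}" ;;
    esac
  done
  IFS=$_old_ifs; set +f
  return "$_rc"
}

# with_secrets FILE CMD [ARGS...]
# The body is a subshell, so the variables exist only for CMD and its children
# and never reach the calling shell.
with_secrets() (
  [ "$#" -ge 2 ] || { echo "usage: with_secrets FILE CMD [ARGS...]" >&2; exit 2; }
  file=$1; shift
  plaintext=$(decrypt_dotenv "$file") || { echo "with_secrets: decrypt failed" >&2; exit 1; }
  load_dotenv "$plaintext" || { echo "with_secrets: malformed line, aborting" >&2; exit 1; }
  unset plaintext
  exec "$@"
)

# Stand-alone use: ./with-secrets.sh FILE CMD [ARGS...]
if [ "$#" -gt 0 ]; then with_secrets "$@"; fi
```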

ctmnt|7 days ago

Yeah, if you want .env-ish behavior, use sops + age. Or dotenvx.

pcpuser|7 days ago

Literally the first thing I thought of.

_pdp_|7 days ago

Came to say this.