Difference between revisions of "SOPS GCP KMS"
↑ https://github.com/mozilla/sops#26adding-and-removing-keys
(9 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | == [[Encryption]]/[[Decryption]] == | |
To create file: | To create file: | ||
* <code>[[sops --gcp]] /your/path/to/your/sops-encryption-key test.yaml</code> | * <code>[[sops --gcp]] /your/path/to/your/sops-encryption-key test.yaml</code> | ||
Line 7: | Line 7: | ||
* <code>[[sops --encrypt]] test.yaml > test.enc.yaml</code> | * <code>[[sops --encrypt]] test.yaml > test.enc.yaml</code> | ||
* <code>[[sops --encrypt --in-place]]</code> | * <code>[[sops --encrypt --in-place]]</code> | ||
+ | * <code>[[sops --encrypt --gcp-kms]]</code> | ||
+ | == Manage Keys == | ||
+ | * <code>[[gcloud kms keyrings create your-sops-keyring --location global]]</code> | ||
+ | * <code>[[gcloud kms keys create]] --location global --keyring your-sops-keyring --purpose encryption --protection-level "hsm"</code> | ||
+ | == Related == | ||
+ | * <code>[[sops --azure-kv]]</code> | ||
+ | * <code>[[SOPS GCP KMS IDS environment variable|SOPS_GCP_KMS_IDS]]</code> environmental variable | ||
<code>[[--gcp-kms]]</code> | <code>[[--gcp-kms]]</code> | ||
[[SOPS_GCP_KMS_IDS]]<ref>https://github.com/mozilla/sops#26adding-and-removing-keys</ref> | [[SOPS_GCP_KMS_IDS]]<ref>https://github.com/mozilla/sops#26adding-and-removing-keys</ref> | ||
− | |||
− | |||
− | |||
− | |||
== See also == | == See also == |
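Review bot: the added `gcloud kms keys create` line under "Manage Keys" has no key name between `create` and `--location`, so it names the keyring but not the key to create; add a placeholder such as `your-sops-key`, in the style of `your-sops-keyring` on the line above it. The new "Related" entry for SOPS_GCP_KMS_IDS also repeats the unchanged `[[SOPS_GCP_KMS_IDS]]<ref>…</ref>` line just below it and reads "environmental variable" where "environment variable" is meant; merging the two would keep the reference attached to a single entry.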
Latest revision as of 09:54, 31 October 2022
== Encryption/Decryption ==
To create file:
* <code>sops --gcp-kms /your/path/to/your/sops-encryption-key test.yaml</code>
To encrypt:
* <code>sops --encrypt test.yaml > test.enc.yaml</code>
* <code>sops --encrypt --in-place</code>
* <code>sops --encrypt --gcp-kms</code>
== Manage Keys ==
* <code>gcloud kms keyrings create your-sops-keyring --location global</code>
* <code>gcloud kms keys create your-sops-key --location global --keyring your-sops-keyring --purpose encryption --protection-level "hsm"</code>
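sops refers to a Cloud KMS key by its full resource ID, passed to <code>--gcp-kms</code> or set in <code>SOPS_GCP_KMS_IDS</code> as a comma-separated list. The script below is an added example, not part of this wiki page or of the SOPS project; it builds that ID from the names used with gcloud and checks a list before it is exported. The helper names <code>kms_resource_id</code> and <code>validate_kms_ids</code>, the project ID <code>example-project</code> and the key name <code>your-sops-key</code> are assumptions.

```shell
#!/bin/sh
# Added example; helper names and sample values are constructed.

ID_RE='[A-Za-z0-9_-]{1,63}'   # Cloud KMS location/keyring/key ID charset

# Print the resource ID for a key created with `gcloud kms keys create`.
# Returns 1 if any component could not be part of a valid ID.
kms_resource_id() {
    project=$1 location=$2 keyring=$3 key=$4
    [ -n "$project" ] || return 1
    case $project in */*|*,*|*' '*) return 1 ;; esac
    for part in "$location" "$keyring" "$key"; do
        printf '%s\n' "$part" | grep -Eq "^${ID_RE}\$" || return 1
    done
    printf 'projects/%s/locations/%s/keyRings/%s/cryptoKeys/%s\n' \
        "$project" "$location" "$keyring" "$key"
}

# Validate a comma-separated list as it would be placed in SOPS_GCP_KMS_IDS
# or passed to --gcp-kms. Empty entries and non-resource-ID strings fail.
validate_kms_ids() {
    rest=$1
    full="^projects/[^/, ]+/locations/${ID_RE}/keyRings/${ID_RE}/cryptoKeys/${ID_RE}\$"
    while :; do
        id=${rest%%,*}
        printf '%s\n' "$id" | grep -Eq "$full" || return 1
        [ "$rest" = "$id" ] && return 0   # that was the last entry
        rest=${rest#*,}
    done
}

# Usage with the keyring name from the gcloud commands; example-project and
# your-sops-key are placeholder values.
ids=$(kms_resource_id example-project global your-sops-keyring your-sops-key)
if validate_kms_ids "$ids"; then
    export SOPS_GCP_KMS_IDS="$ids"
    echo "SOPS_GCP_KMS_IDS=$SOPS_GCP_KMS_IDS"
    # sops --encrypt test.yaml > test.enc.yaml   # would now use this key
fi
```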
== Related ==
* <code>sops --azure-kv</code>
* <code>SOPS_GCP_KMS_IDS</code> environment variable
<code>--gcp-kms</code>

SOPS_GCP_KMS_IDS[1]
== See also ==
* SOPS, sops | sops -d | sops -e | sops exec-env | sops exec-file | sops publish | sops keyservice | sops groups | sops updatekeys | sops --help
* SOPS: Secrets OPerationS, sops, GCP, ENC[AES256_GCM, sops-secrets-operator