Difference between revisions of "Sops --encrypt --gcp-kms"
(→Errors) |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
+ | <code>[[sops --encrypt]] [[--gcp-kms]]</code> | ||
− | You can define your key using <code>--gcp-kms</code> option or by defining a <code>[[ | + | You can define your key using <code>--gcp-kms</code> option or by defining a <code>[[SOPS_GCP_KMS_IDS]]</code> [[environment variable]] |
− | + | ||
+ | Exporting your key: | ||
+ | * <code>export [[SOPS_GCP_KMS]]="projects/your-project/locations/global/keyRings/your-keyring/cryptoKeys/your-sops-encryption-key"</code> | ||
+ | |||
+ | == Examples == | ||
[[sops --encrypt --gcp-kms]] $[[KMS_PATH]] secret.yaml > secret.enc.yaml | [[sops --encrypt --gcp-kms]] $[[KMS_PATH]] secret.yaml > secret.enc.yaml | ||
− | |||
+ | [[sops --encrypt --gcp-kms]] $[[KMS_PATH]] --in-place your-secret.yaml | ||
+ | (no output) | ||
+ | |||
+ | sops --encrypt --in-place [[--unencrypted-regex]] '^(description|metadata)$' k8s-secret.yaml | ||
+ | (no output) | ||
+ | |||
+ | sops --encrypt --in-place [[--encrypted-regex]] '^(data|stringData)$' app-secret.yaml | ||
+ | (no output) | ||
+ | |||
+ | [[sops --encrypt --in-place]] --encrypted-regex '^(secrets)$' your-secrets_dev.yaml | ||
+ | (no output) | ||
+ | |||
+ | == Errors == | ||
sops --encrypt --gcp-kms only-one-file | sops --encrypt --gcp-kms only-one-file | ||
[[Error: no file specified]] | [[Error: no file specified]] | ||
+ | [[Failed to get the data key required to decrypt the SOPS file.]] | ||
== Related == | == Related == |
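Review bot: the added export line sets SOPS_GCP_KMS, but the sentence just above it names the variable SOPS_GCP_KMS_IDS, so the page now gives two different names for the same setting; use SOPS_GCP_KMS_IDS in the export line as well. The added --in-place examples with --unencrypted-regex and --encrypted-regex pass no --gcp-kms, so state above them that they rely on the exported variable. The added line "Failed to get the data key required to decrypt the SOPS file." is a decrypt error shown without the command that produces it; add that command or move the line to the decrypt page.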
Latest revision as of 09:12, 24 November 2022
You can define your key using the --gcp-kms option or by defining the SOPS_GCP_KMS_IDS environment variable.
Exporting your key:
export SOPS_GCP_KMS_IDS="projects/your-project/locations/global/keyRings/your-keyring/cryptoKeys/your-sops-encryption-key"
Examples
sops --encrypt --gcp-kms $KMS_PATH secret.yaml > secret.enc.yaml

sops --encrypt --gcp-kms $KMS_PATH --in-place your-secret.yaml
(no output)

sops --encrypt --in-place --unencrypted-regex '^(description|metadata)$' k8s-secret.yaml
(no output)

sops --encrypt --in-place --encrypted-regex '^(data|stringData)$' app-secret.yaml
(no output)

sops --encrypt --in-place --encrypted-regex '^(secrets)$' your-secrets_dev.yaml
(no output)
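The --in-place commands above print nothing, so a check that the intended keys really were encrypted is worth running before the file is committed. The following is an added example, not part of the original page or of sops itself; the function name `sops_leak_check` and the sample file are constructed, and it assumes block-style YAML with the regex matched against top-level keys only, as in the examples above.

```shell
#!/bin/sh
# Added example, not from the wiki page. Checks a file that was encrypted with
#   sops --encrypt --in-place --encrypted-regex REGEX FILE
# Assumptions: block-style YAML as sops writes it; REGEX is matched against
# top-level keys only, which covers the regexes used in the examples above.

# sops_leak_check FILE REGEX: exit 0 if FILE carries a top-level "sops:" block
# and every value under a top-level key matching REGEX starts with "ENC[".
sops_leak_check() {
    awk -v re="$2" '
        function check(v) {
            if (v != "" && v !~ /^ENC\[/) {
                printf "line %d: plaintext under %s\n", NR, key > "/dev/stderr"
                bad = 1
            }
        }
        /^[^ #-][^:]*:/ {                          # top-level key starts a section
            key = $0; sub(/:.*/, "", key)
            if (key == "sops") meta = 1            # metadata block added by sops
            guarded = (key ~ re)
            v = $0; sub(/^[^:]*:[ ]*/, "", v)      # scalar on the key line itself
            if (guarded) check(v)
            next
        }
        guarded && /^[ ]+[^ #]/ {                  # nested line in a guarded section
            v = $0; sub(/^[ ]+(- )?/, "", v)       # drop indent and list dash
            if (v !~ /^ENC\[/) sub(/^[^:]*:[ ]*/, "", v)   # drop "key:"
            check(v)
        }
        END {
            if (!meta) { print "no sops metadata block" > "/dev/stderr"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: stringData.password is encrypted, stringData.token is not.
demo=$(mktemp)
cat > "$demo" <<'EOF'
kind: Secret
metadata:
    name: app
stringData:
    password: ENC[AES256_GCM,data:CONSTRUCTED,iv:CONSTRUCTED,tag:CONSTRUCTED,type:str]
    token: not-encrypted
sops:
    encrypted_regex: ^(data|stringData)$
EOF
sops_leak_check "$demo" '^(data|stringData)$' || echo "refusing to commit $demo"
rm -f "$demo"
```
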
Errors
sops --encrypt --gcp-kms only-one-file
Error: no file specified
(only-one-file is taken as the value of --gcp-kms, so no input file is left on the command line.)

Failed to get the data key required to decrypt the SOPS file.
Related
- sops --decrypt --gcp-kms
- gcloud kms keys list --location global --keyring sops
- SOPS_GCP_KMS environment variable
- KMS
See also
- SOPS, sops | sops -d | sops -e | sops exec-env | sops exec-file | sops publish | sops keyservice | sops groups | sops updatekeys | sops --help
- SOPS: Secrets OPerationS, sops, GCP, ENC[AES256_GCM, sops-secrets-operator