Difference between revisions of "Sops --encrypt --gcp-kms"
Jump to navigation
Jump to search
(→Errors) |
|||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
| − | + | <code>[[sops --encrypt]] [[--gcp-kms]]</code> | |
| − | You can define your key using <code>--gcp-kms</code> option or by defining a <code>[[ | + | You can define your key using <code>--gcp-kms</code> option or by defining a <code>[[SOPS_GCP_KMS_IDS]]</code> [[environment variable]] |
| + | |||
| + | Exporting your key: | ||
| + | * <code>export [[SOPS_GCP_KMS]]="projects/your-project/locations/global/keyRings/your-keyring/cryptoKeys/your-sops-encryption-key"</code> | ||
== Examples == | == Examples == | ||
[[sops --encrypt --gcp-kms]] $[[KMS_PATH]] secret.yaml > secret.enc.yaml | [[sops --encrypt --gcp-kms]] $[[KMS_PATH]] secret.yaml > secret.enc.yaml | ||
| − | |||
| + | [[sops --encrypt --gcp-kms]] $[[KMS_PATH]] --in-place your-secret.yaml | ||
| + | (no output) | ||
| − | sops --encrypt -- | + | sops --encrypt --in-place [[--unencrypted-regex]] '^(description|metadata)$' k8s-secret.yaml |
| − | + | (no output) | |
| + | sops --encrypt --in-place [[--encrypted-regex]] '^(data|stringData)$' app-secret.yaml | ||
| + | (no output) | ||
| − | + | [[sops --encrypt --in-place]] --encrypted-regex '^(secrets)$' your-secrets_dev.yaml | |
| − | + | (no output) | |
| + | == Errors == | ||
| + | sops --encrypt --gcp-kms only-one-file | ||
| + | [[Error: no file specified]] | ||
| + | [[Failed to get the data key required to decrypt the SOPS file.]] | ||
== Related == | == Related == | ||
Latest revision as of 09:12, 24 November 2022
You can define your key using --gcp-kms option or by defining a SOPS_GCP_KMS_IDS environment variable
Exporting your key:
export SOPS_GCP_KMS="projects/your-project/locations/global/keyRings/your-keyring/cryptoKeys/your-sops-encryption-key"
Contents
Examples[edit]
sops --encrypt --gcp-kms $KMS_PATH secret.yaml > secret.enc.yaml
sops --encrypt --gcp-kms $KMS_PATH --in-place your-secret.yaml (no output)
sops --encrypt --in-place --unencrypted-regex '^(description|metadata)$' k8s-secret.yaml (no output)
sops --encrypt --in-place --encrypted-regex '^(data|stringData)$' app-secret.yaml (no output)
sops --encrypt --in-place --encrypted-regex '^(secrets)$' your-secrets_dev.yaml (no output)
Errors[edit]
sops --encrypt --gcp-kms only-one-file Error: no file specified
Failed to get the data key required to decrypt the SOPS file.
Related[edit]
sops --decrypt --gcp-kmsgcloud kms keys list --location global --keyring sopsSOPS_GCP_KMSenvironment variable- KMS
See also[edit]
- SOPS,
sops | sops -d | sops -e | sops exec-env | sops exec-file | sops publish | sops keyservice | sops groups | sops updatekeys | sops --help - SOPS: Secrets OPerationS,
sops, GCP,ENC[AES256_GCM, sops-secrets-operator
Advertising:
