Difference between revisions of "Sops --encrypt --gcp-kms"
Jump to navigation
Jump to search
| Line 9: | Line 9: | ||
== Examples == | == Examples == | ||
* <code>[[sops --encrypt --gcp-kms]] $[[KMS_PATH]] secret.yaml > secret.enc.yaml</code> | * <code>[[sops --encrypt --gcp-kms]] $[[KMS_PATH]] secret.yaml > secret.enc.yaml</code> | ||
| − | + | [[sops --encrypt --gcp-kms]] $[[KMS_PATH]] --in-place your-secret.yaml | |
| + | (no output) | ||
| + | |||
| + | sops --encrypt --in-place [[--unencrypted-regex]] '^(description|metadata)$' k8s-secret.yaml | ||
| + | (no output) | ||
| + | |||
| + | sops --encrypt [[--encrypted-regex]] '^(data|stringData)$' app-secret.yaml | ||
| + | (no output) | ||
== Errors == | == Errors == | ||
Revision as of 07:06, 24 November 2022
You can define your key using --gcp-kms option or by defining a SOPS_GCP_KMS environment variable
Exporting your key:
export SOPS_GCP_KMS="projects/your-project/locations/global/keyRings/your-keyring/cryptoKeys/your-sops-encryption-key"
Contents
Examples
sops --encrypt --gcp-kms $KMS_PATH secret.yaml > secret.enc.yaml
sops --encrypt --gcp-kms $KMS_PATH --in-place your-secret.yaml (no output)
sops --encrypt --in-place --unencrypted-regex '^(description|metadata)$' k8s-secret.yaml (no output)
sops --encrypt --encrypted-regex '^(data|stringData)$' app-secret.yaml (no output)
Errors
sops --encrypt --gcp-kms only-one-file Error: no file specified
Related
sops --decrypt --gcp-kmsgcloud kms keys list --location global --keyring sopsSOPS_GCP_KMSenvironment variable- KMS
See also
- SOPS,
sops | sops -d | sops -e | sops exec-env | sops exec-file | sops publish | sops keyservice | sops groups | sops updatekeys | sops --help - SOPS: Secrets OPerationS,
sops, GCP,ENC[AES256_GCM, sops-secrets-operator
Advertising:
