Managing Secrets in Configuration Files with SOPS

Encrypting a config file shouldn’t require learning a different tool for every cloud.

In this episode of 🌩️ Thunder, Andrew Block, Distinguished Architect at Red Hat, explains SOPS (Secrets OPerationS) — a CLI tool that encrypts and decrypts files using GPG, AWS KMS, GCP KMS, Azure Key Vault, or HashiCorp Vault through a single interface. One tool, any backend.

We cover common use cases (protecting database credentials, SSH keys, Kubernetes secrets), how .sops.yaml creation rules make encryption declarative, and how SOPS fits into GitOps workflows with Helm, Kustomize, Flux, and Argo CD.

Watch now → youtu.be/9jgKuHzaY…

Thunder episode thumbnail featuring Andrew Block and Whitney Lee. Large yellow text reads Managing Secrets in Configuration Files with SOPS. Andrew appears on the left in a headshot, Whitney on the right looking excited with hands near her face, wearing a plaid shirt. A lightboard with SOPS architecture diagrams is visible in the background. The Thunder logo appears in the top left corner.