Sunday, 12 April 2026 @ 09:17 UTC ~2 12,244 130,117

Secrets OPerationS

SOPS: Secrets OPerationS · SecretsOPerationS.SOPS

Simple and flexible tool for managing secrets

sops is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

winget install --id SecretsOPerationS.SOPS --exact --source winget

Latest 3.12.2

Release Notes

Installation To install sops, download one of the pre-built binaries provided for your platform from the artifacts attached to this release. For instance, if you are using Linux on an AMD64 architecture:

Download the binary

curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.linux.amd64

Move the binary in to your PATH

mv sops-v3.12.2.linux.amd64 /usr/local/bin/sops

Make the binary executable

chmod +x /usr/local/bin/sops Verify checksums file signature The checksums file provided within the artifacts attached to this release is signed using Cosign with GitHub OIDC. To validate the signature of this file, run the following commands:

Download the checksums file, certificate and signature

curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.txt curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.pem curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.checksums.sig

Verify the checksums file

cosign verify-blob sops-v3.12.2.checksums.txt
--certificate sops-v3.12.2.checksums.pem
--signature sops-v3.12.2.checksums.sig
--certificate-identity-regexp=https://github.com/getsops
--certificate-oidc-issuer=https://token.actions.githubusercontent.com Verify binary integrity To verify the integrity of the downloaded binary, you can utilize the checksums file after having validated its signature:

Verify the binary using the checksums file

sha256sum -c sops-v3.12.2.checksums.txt --ignore-missing Verify artifact provenance The SLSA provenance of the binaries, packages, and SBOMs can be found within the artifacts associated with this release. It is presented through an in-toto link metadata file named sops-v3.12.2.intoto.jsonl. To verify the provenance of an artifact, you can utilize the slsa-verifier tool:

Download the metadata file

curl -LO https://github.com/getsops/sops/releases/download/v3.12.2/sops-v3.12.2.intoto.jsonl

Verify the provenance of the artifact

slsa-verifier verify-artifact
--provenance-path sops-v3.12.2.intoto.jsonl
--source-uri github.com/getsops/sops
--source-tag v3.12.2 Container Images The sops binaries are also available as container images, based on Debian (slim) and Alpine Linux. The Debian-based container images include any dependencies which may be required to make use of certain key services, such as GnuPG, AWS KMS, Azure Key Vault, and Google Cloud KMS. The Alpine-based container images are smaller in size, but do not include these dependencies. These container images are available for the following architectures: linux/amd64 and linux/arm64. GitHub Container Registry

  • ghcr.io/getsops/sops:v3.12.2
  • ghcr.io/getsops/sops:v3.12.2-alpine Quay.io
  • quay.io/getsops/sops:v3.12.2
  • quay.io/getsops/sops:v3.12.2-alpine Verify container image signature The container images are signed using Cosign with GitHub OIDC. To validate the signature of an image, run the following command: cosign verify ghcr.io/getsops/sops:v3.12.2
    --certificate-identity-regexp=https://github.com/getsops
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com
    -o text Verify container image provenance The container images include SLSA provenance attestations. For more information around the verification of this, please refer to the slsa-verifier documentation. Software Bill of Materials The Software Bill of Materials (SBOM) for each binary is accessible within the artifacts enclosed with this release. It is presented as an SPDX JSON file, formatted as .spdx.sbom.json. What's Changed
  • CI: Rearrange steps; disable setup-go's caching by @felixfontein in #2081
  • build(deps): Bump the go group with 6 updates by @dependabot[bot] in #2085
  • build(deps): Bump the ci group with 2 updates by @dependabot[bot] in #2084
  • build(deps): Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by @dependabot[bot] in #2087
  • build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @dependabot[bot] in #2089
  • build(deps): Bump the ci group with 4 updates by @dependabot[bot] in #2091
  • build(deps): Bump tempfile from 3.25.0 to 3.26.0 in /functional-tests in the rust group by @dependabot[bot] in #2090
  • build(deps): Bump github.com/docker/cli from 28.0.4+incompatible to 29.2.0+incompatible by @dependabot[bot] in #2095
  • build(deps): Bump the ci group with 4 updates by @dependabot[bot] in #2101
  • Check for metadata key(s) before re-encrypting file by @felixfontein in #2098
  • fix: handle mac only encrypted flag in global by @CzBiX in #2100
  • sops edit: delete temporary file on termination by @felixfontein in #2104
  • build(deps): Bump the ci group with 4 updates by @dependabot[bot] in #2106
  • build(deps): Bump tempfile from 3.26.0 to 3.27.0 in /functional-tests in the rust group by @dependabot[bot] in #2105
  • Revert "Merge pull request #1697 from onjen/fix-1142" by @felixfontein in #2099
  • Release 3.12.2 by @felixfontein in #2109 New Contributors
  • @CzBiX made their first contribution in #2100 Full Changelog: v3.12.1...v3.12.2

Installer type: portable

Architecture Scope Download SHA256
x64 Download 5E777B1854AB2A6271D8F66375970E1FE3EEA838251C309DE151D16A2BDF13A2
arm64 Download BFC95CE0426E78A9DD13A8EF32DB61B0587F45660530CB00ADCDD374BA84FD9E

Details

Homepage
https://github.com/getsops/sops
License
MPL-2.0
Publisher
SOPS: Secrets OPerationS
Support
https://github.com/getsops/sops/issues
Moniker
sops

Tags

awsazuredevopsgcppgpsecret-distributionsecret-managementsecuritysops

Older versions (11)

3.11.0
Architecture Scope Download SHA256
x64 Download F3D74D83006954F0D8CF770AD7E5380504270DED5A62F33EB2548CE5461AF3B3
arm64 Download 72D5A01D785A9466C2C50FBF8F775FE682B2B058C9AE25B0C8C8D5F1F7EE2568
3.10.2
Architecture Scope Download SHA256
x64 Download 056D18D9F12966AEBD33A8181B54C358BCB312661FADC5A3141BB6F84B9C3502
arm64 Download 9E08C708147634F485F8574A22ADD98B6A092511E84FF69C6D2849834AEC865D
3.10.1
Architecture Scope Download SHA256
x64 Download F475289A644D6E60DED7BDE2FE4DFD72DC0E61D87FF61A23AA615566CA3B688F
arm64 Download D204506C4A3DE3BD343430611E5295D3A259B206D5CBDA6727411D23690CA584
3.10.0
Architecture Scope Download SHA256
x64 Download 4532DBC8FE8FC02DBC308404DA41D029CD2DA0A51EADCD6C89AE4FFBAC544141
arm64 Download 6B5E662ADD90C70301A2A53FE6B91410A0C575ED38883C4AFC0F2161EF5998F7
3.9.4
Architecture Scope Download SHA256
x64 Download BEE270926FC55B5B89ED9CE87FB2569A36C74E99D63E6392090B3D0F0C2775EB
3.9.3
Architecture Scope Download SHA256
x64 Download DF9372DD551A872918D70FCC4394E58A498D4F16BAE414B1995555059BA8D4F6
3.9.2
Architecture Scope Download SHA256
x64 Download D2553C23627E49DE63E220AF461C6238CFCE3FB86565AE9797E3407C277A06BE
3.9.1
Architecture Scope Download SHA256
x64 Download 745AB6AA6D6E3FBBB8A3484EC22CAF2CBF61B5F70D1416EEA5D2A644DE722F31
3.9.0
Architecture Scope Download SHA256
x64 Download 2B45084E9E6308FA465EEAC2419D497B5B16B66D332AF18C03FEB3D68E51F52F
3.8.1
Architecture Scope Download SHA256
x64 Download FE1F6299294B47CEDA565E1091E843EE3F3DB58764901D4298EB00558189E25F
3.8.0
Architecture Scope Download SHA256
x64 Download 8BB627307DDEFBC529AB844C7BDDBC71AE3BA3643A919CD6B9E127DC74CC1841