SOPS Rules
Mozilla SOPS for encrypting secrets in config files. Supports AWS KMS, GCP KMS, Azure Key Vault, and PGP.
3 rules
.sops.yaml Configuration Standards
Beginner
Configure SOPS with a .sops.yaml file for automatic encryption rules — define creation rules per file pattern, specify KMS keys per environment, and enforce encrypted_regex for partial encryption.
globs: **/.sops.yaml, **/*.enc.*, **/*.enc.yaml, **/*.enc.json
sops-config, encryption-rules, kms, age
SOPS Encryption Workflow Rules
Intermediate
Follow proper SOPS workflows — encrypt before committing, verify encryption status in CI, use sops exec-env for runtime decryption, and never store decrypted files on disk in production.
globs: **/.sops.yaml, **/*.enc.*, **/*.sh
encryption-workflow, runtime-decryption, exec-env, git-secrets
SOPS Key Management Practices
Advanced
Manage SOPS encryption keys securely — use cloud KMS for production, age keys for development, implement key rotation, and maintain proper access controls per environment.
globs: **/.sops.yaml, **/*.enc.*
key-management, kms, age, key-rotation