sops
What is it
Since placing .env
content directly in the repository will cause a security breach, we need to encrypt the .env
file and its contents to be pushed to repository or production.
Sops aims to store encrypted configurations containing sensitive information into versioning system (Git, SVN, etc) and then be able to work with these encrypted files effortlessly.
Preserves file structure even when encrypted
Sops is a binary able to encrypt configuration files. But rather than encrypting the whole file, Sops
understands format (JSON, YAML, INI, etc) and will only encrypt the values
of each line (in a key/value pair)
Installation
brew install sops
Usage
Decrypting sops
locally allows edit
# decrypt sops -d file_name # encrypt sops -e file_name
Errors and Fix
MAC mismatch error
Error message
MAC mismatch. File has hash_value
Fix
sops --ignore-mac <enc_file_name>
Fixing a broken sops
file
Remove the problematic key that was recently added