What is it

Since placing .env content directly in the repository will cause a security breach, we need to encrypt the .env file and its contents to be pushed to repository or production.

Sops aims to store encrypted configurations containing sensitive information into versioning system (Git, SVN, etc) and then be able to work with these encrypted files effortlessly.

Preserves file structure even when encrypted

Sops is a binary able to encrypt configuration files. But rather than encrypting the whole file, Sops understands format (JSON, YAML, INI, etc) and will only encrypt the values of each line (in a key/value pair)

Installation

brew install sops

Usage

Decrypting sops locally allows edit

# decrypt
sops -d file_name

# encrypt
sops -e file_name

Errors and Fix

MAC mismatch error

Error message

MAC mismatch. File has hash_value

Fix

sops --ignore-mac <enc_file_name>

Fixing a broken sops file

Remove the problematic key that was recently added