SOPS

SOPS is an editor for encrypted files that lets you store secrets in YAML, JSON, ENV, INI, and binary formats. It is built for managing secret data in files rather than keeping it in a separate app, and it supports AWS KMS, GCP KMS, Azure Key Vault, HuaweiCloud KMS, age, and PGP for encryption.

It works by editing encrypted files directly, so secrets can stay in the formats and workflows you already use. The supported formats include structured and unstructured files, which makes it usable for configuration files as well as binary data.

SOPS was first launched at Mozilla in 2015 and is now a Cloud Native Computing Foundation Sandbox project. It is licensed under Mozilla Public License Version 2.0 and runs as a standalone editor rather than a hosted service. Because it encrypts and decrypts the files you keep yourself, secrets stay in your own storage and version control while only the values inside each file are protected.