by nodefortytwo 3074 days ago
We have been using Sops for a few months, it's pretty impressive really.

Reading your Sops config during githooks allows you to ensure everything is encrypted before commit.

The only downside I have come across is that if you accidentally encrypt a file twice you essentially lose the data. Obviously, this is user error, but some additional protections around this would be good.

2 comments

We've been using sops for about a year and it's a great solution to the startup problem of having secrets but needing to store them somewhere. The other options all involve additional infrastructure, while this just uses AWS infrastructure at the free level.
For a 1Password-like hosted service that also requires no additional infrastructure, check out EnvKey - https://www.envkey.com

It handles encryption keys completely behind the scenes, is trivial to integrate, and provides a UI to easily manage multiple environments and access levels in one place.

There will, of course, always be a role for more DIY solutions like sops, but if your goal is to have configuration/secrets secure, organized, and available to developers and servers in as little time as possible, you may find EnvKey interesting.

(Full disclosure: danenania is the founder of EnvKey, as mentioned in his/her profile.)
Indeed - sorry to leave that out!
Had the same issues, and now I always either check for the sops encryption keys with a sops wrapper script before encryption or decrypt to a git-ignored temp file that is immediately deleted after use.
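Added example, not part of the thread and not code from sops or from any commenter: one way to implement the two checks discussed above, the pre-commit "is everything encrypted" test and the wrapper-script guard against encrypting a file twice. It assumes JSON secrets files encrypted with sops defaults (every value encrypted, metadata under a top-level `sops` key that includes `mac`); the function names and sample documents are constructed for illustration.

```python
import json
import re

# Shape of a sops-encrypted scalar: ENC[AES256_GCM,data:...,iv:...,tag:...,type:str]
ENC = re.compile(r"ENC\[AES256_GCM,data:.*,iv:.+,tag:.+,type:\w+\]")


def _leaves(node, path=""):
    """Yield (path, value) for every scalar in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _leaves(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _leaves(value, f"{path}/{index}")
    else:
        yield path, node


def inspect(text):
    """Return (has_sops_metadata, paths_of_cleartext_values) for a JSON file."""
    doc = json.loads(text)
    meta = doc.get("sops") if isinstance(doc, dict) else None
    has_metadata = isinstance(meta, dict) and "mac" in meta
    # The metadata block itself is not secret data, so exclude it from the scan.
    data = {k: v for k, v in doc.items() if k != "sops"} if isinstance(doc, dict) else doc
    plain = [p for p, v in _leaves(data)
             if not (isinstance(v, str) and ENC.fullmatch(v))]
    return has_metadata, plain


def may_encrypt(text):
    """Wrapper-script guard: refuse to encrypt a file that already has sops metadata."""
    return not inspect(text)[0]


def may_commit(text):
    """Pre-commit guard: require sops metadata and no cleartext values."""
    has_metadata, plain = inspect(text)
    return has_metadata and not plain


# Constructed sample documents (not real ciphertext or real secrets).
_E = "ENC[AES256_GCM,data:c2FtcGxl,iv:c2FtcGxl,tag:c2FtcGxl,type:str]"
PLAINTEXT = json.dumps({"db": {"password": "example-password"}})
ENCRYPTED = json.dumps({"db": {"password": _E}, "sops": {"mac": _E}})

if __name__ == "__main__":
    for name, text in (("plaintext", PLAINTEXT), ("encrypted", ENCRYPTED)):
        print(name, "may_encrypt:", may_encrypt(text), "may_commit:", may_commit(text))
```

Files that use sops options to leave some keys in cleartext would need those keys excluded from the scan, and YAML files need a YAML parser in place of `json`.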