{"id":32465197,"url":"https://github.com/blueshoe/ensure-sops-pre-commit-and-action","last_synced_at":"2026-05-16T00:39:57.449Z","repository":{"id":316082650,"uuid":"1061890465","full_name":"Blueshoe/ensure-sops-pre-commit-and-action","owner":"Blueshoe","description":"A pre-commit hook and a GitHub action to ensure that files are SOPS encrypted.","archived":false,"fork":false,"pushed_at":"2025-10-22T09:50:56.000Z","size":16,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-22T11:27:35.338Z","etag":null,"topics":["actions","github-actions","precommit","precommit-hooks","sops"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Blueshoe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-22T14:19:41.000Z","updated_at":"2025-10-22T09:50:27.000Z","dependencies_parsed_at":"2025-10-22T11:28:04.351Z","dependency_job_id":"4ea39b68-91ad-4191-9ae0-c23be70352e9","html_url":"https://github.com/Blueshoe/ensure-sops-pre-commit-and-action","commit_stats":null,"previous_names":["blueshoe/pre-commit-hook-ensure-sops","blueshoe/ensure-sops-pre-commit-and-action"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/Blueshoe/ensure-sops-pre-commit-and-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blueshoe%2Fensure-sops-pre-commit-and-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blueshoe%2Fensure-sops-pre-commit-and-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blueshoe%2Fensure-sops-pre-commit-and-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blueshoe%2Fensure-sops-pre-commit-and-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Blueshoe","download_url":"https://codeload.github.com/Blueshoe/ensure-sops-pre-commit-and-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Blueshoe%2Fensure-sops-pre-commit-and-action/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281114857,"owners_count":26446042,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-26T02:00:06.575Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","github-actions","precommit","precommit-hooks","sops"],"created_at":"2025-10-26T13:50:51.721Z","updated_at":"2025-10-26T13:50:56.613Z","avatar_url":"https://github.com/Blueshoe.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ensure-sops-pre-commit-and-action\nA pre-commit hook and a GitHub action to ensure that files are SOPS encrypted.\n\nOur main usage for SOPS is to directly encrypt Kubernetes Secrets. \nOut of this, this pre-commit hook and GitHub action have been developed. \n\nWe SOPS-encrypt the K8s secrets with following settings: `unencrypted_regex: \"^(apiVersion|metadata|kind|type)$\"`.\nThis hook and action check, whether the file has a top-level key called `sops:`.\n\nThe pre-commit hook and the action both ignore the files with the basename `.sops.yaml`, as that contains the SOPS-configuration.\n\n## pre-commit hook\n\n### Example usage\nJust add the following to your projects `.pre-commit-config.yaml`, to check whether all files that end in `.sops.yaml` are sops encrypted:\n\n```yaml\n# [...]\nrepos:\n  # [...]\n  - repo: https://github.com/Blueshoe/ensure-sops-pre-commit-and-action\n    rev: v1.0.0\n    hooks:\n      - id: forbid-unencrypted-sops\n        # only run this hook on files with .sops.yaml extension (excluding the actual .sops.yaml file)\n        files: .\\.sops\\.yaml$\n```\n\nKeep in mind, that the files to run it against need to be staged, i.e. run `git add .` (or something more specific) before running pre-commit.\n\n## GitHub action\n\n### Example usage \n```yaml\nname: \"Check for unencrypted SOPS files\"\n\non: [pull_request]\n\njobs:\n  sops-check:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v3\n      - name: \"Run SOPS encryption check\"\n        uses: blueshoe/ensure-sops-pre-commit-and-action@v1.1.0\n        # You can override the default file pattern like this:\n        # with:\n        #   files-pattern: '\"**/*.secret.yaml\"'\n    \n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblueshoe%2Fensure-sops-pre-commit-and-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblueshoe%2Fensure-sops-pre-commit-and-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblueshoe%2Fensure-sops-pre-commit-and-action/lists"}