{"id":25206654,"url":"https://github.com/peak-scale/sops-operator","last_synced_at":"2026-02-03T12:21:28.666Z","repository":{"id":275688952,"uuid":"923674439","full_name":"peak-scale/sops-operator","owner":"peak-scale","description":"Create SOPS Secrets on Kubernetes","archived":false,"fork":false,"pushed_at":"2026-01-28T14:39:54.000Z","size":64729,"stargazers_count":85,"open_issues_count":13,"forks_count":5,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-28T17:25:51.286Z","etag":null,"topics":["argocd","capsule","flux","gitops","kubernetes","secrets","sops"],"latest_commit_sha":null,"homepage":"https://killercoda.com/peakscale/course/solutions/multi-tenant-sops","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/peak-scale.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-01-28T17:06:02.000Z","updated_at":"2026-01-28T15:51:00.000Z","dependencies_parsed_at":"2025-03-02T17:57:25.931Z","dependency_job_id":"6a75bbbf-d3ed-45c5-b518-f33e6713baa5","html_url":"https://github.com/peak-scale/sops-operator","commit_stats":null,"previous_names":["peak-scale/sops-operator","oliverbaehler/sops-operator"],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/peak-scale/sops-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peak-scale%2Fsops-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peak-scale%2Fsops-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peak-scale%2Fsops-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peak-scale%2Fsops-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/peak-scale","download_url":"https://codeload.github.com/peak-scale/sops-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/peak-scale%2Fsops-operator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29045680,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-03T10:09:22.136Z","status":"ssl_error","status_checked_at":"2026-02-03T10:09:16.814Z","response_time":96,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","capsule","flux","gitops","kubernetes","secrets","sops"],"created_at":"2025-02-10T11:17:26.592Z","updated_at":"2026-02-03T12:21:28.606Z","avatar_url":"https://github.com/peak-scale.png","language":"Go","funding_links":[],"categories":["Go","Secret Management"],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n\u003ca href=\"https://github.com/peak-scale/sops-operator/releases/latest\"\u003e\n  \u003cimg alt=\"GitHub release (latest SemVer)\" src=\"https://img.shields.io/github/v/release/peak-scale/sops-operator?sort=semver\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://artifacthub.io/packages/search?repo=sops-operator\"\u003e\n  \u003cimg src=\"https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/sops-operator\" alt=\"Artifact Hub\"\u003e\n\u003c/a\u003e\n\u003ca href=\"https://app.fossa.com/projects/git%2Bgithub.com%2Fpeak-scale%2Fsops-operator?ref=badge_small\" alt=\"FOSSA Status\"\u003e\u003cimg src=\"https://app.fossa.com/api/projects/git%2Bgithub.com%2Fpeak-scale%2Fsops-operator.svg?type=small\"/\u003e\u003c/a\u003e\n\u003ca href=\"https://codecov.io/gh/peak-scale/capsule-argo-addon\"\u003e\n  \u003cimg src=\"https://codecov.io/gh/peak-scale/capsule-argo-addon/graph/badge.svg?token=26QLMNSN54\" alt=\"codecov\"\u003e\n\u003c/a\u003e\n\u003c/p\u003e\n\n\u003e [!IMPORTANT]\n\u003e Regarding the code, most of the SOPS implementation was taken from the [Flux kustomize-constroller](https://github.com/fluxcd/kustomize-controller/blob/main/internal/decryptor/decryptor.go) project. We have left the License-Header as-is, if further attribution is wished, please open an issue. We go the idea from the existing [sops-operator](https://github.com/isindir/sops-secrets-operator). However the implementation was not optimal for our use-cases, that's why we decided to release our own solution.\n\n# SOPS-Operator ❤️\n\n![SOPS](https://avatars.githubusercontent.com/u/129185620?s=48\u0026v=4)\n\nWe have always loved how [Flux handles Secrets with SOPS](https://fluxcd.io/flux/guides/mozilla-sops/), it's such a seamless experience. However we have noticed, that it's kind of hard to actually distribute keys to users in a kubernetes native way. That's why we built this operator. It introduces [Providers](docs/usage.md#providers), which essentially match Kubernetes resources which represent Keys or access to KMS stores. On the Provides you also declare, which [Secrets](docs/usage.md#secrets) you want to encrypt with that provider. **Currently only works with PGP and AGE for n-secrets** That leaves open that, N-providers can load private keys for one Secret, in complex scenarios. Also we want to provide a general solution to decrypting secrets, not a solution which is dependent on a gitops engine.\n\n\n## Concept\n\nThis Operators introduces the concept of [SopsProviders](./docs/usage.md#providers). `SopsProviders` are created by Cluster-Administrators and are essentially a connecting-piece for collecting private-keys and [`SopsSecrets`](./docs/usage.md#sopssecrets), which can use these keys for decryption.\n\nWith this option an Kubernetes users may manage their own keys and [`SopsSecrets`](./docs/usage.md#sopssecrets). The implementation of `SopsSecrets` allows them to be applied to the Kubernetes API with sops encryption-meta. The entire decryption happens within the cluster. So a `SopsSecret` is applied the way it's stored eg. in git.\n\n![Sops Operator](./docs/assets/sops-operator.drawio.png)\n\n## Documentation\n\nSee the [Documentation](docs/README.md) for more information on how to use this addon.\n\n## Demo\n\nSpin up a live demonstration of the addon on Killercoda:\n\n- [https://killercoda.com/peakscale/course/solutions/multi-tenant-sops](https://killercoda.com/peakscale/course/solutions/multi-tenant-sops)\n\n## Support\n\nThis addon is developed by the community. For enterprise support (production ready setup,tailor-made features) reach out to [Peak Scale](https://peakscale.ch/en/)\n\n## License\n\nCopyright 2024.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n\n[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fpeak-scale%2Fsops-operator.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fpeak-scale%2Fsops-operator?ref=badge_large)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeak-scale%2Fsops-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpeak-scale%2Fsops-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpeak-scale%2Fsops-operator/lists"}