{"id":13587599,"url":"https://github.com/zendesk/helm-secrets","last_synced_at":"2025-09-27T10:32:04.630Z","repository":{"id":41556620,"uuid":"89683266","full_name":"zendesk/helm-secrets","owner":"zendesk","description":"DEPRECATED A helm plugin that help manage secrets with Git workflow and store them anywhere","archived":true,"fork":false,"pushed_at":"2020-12-23T08:32:38.000Z","size":274,"stargazers_count":1155,"open_issues_count":66,"forks_count":155,"subscribers_count":48,"default_branch":"master","last_synced_at":"2025-05-14T11:50:57.527Z","etag":null,"topics":["decryption","encryption","encryption-tool","helm","helm-charts","helm-plugin","k8s","kms","kubernetes","kubernetes-secrets","pgp","secret-management","secrets","secrets-stored","sops"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zendesk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-28T08:04:54.000Z","updated_at":"2025-04-10T00:51:36.000Z","dependencies_parsed_at":"2022-09-01T09:11:02.192Z","dependency_job_id":null,"html_url":"https://github.com/zendesk/helm-secrets","commit_stats":null,"previous_names":["futuresimple/helm-secrets"],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/zendesk/helm-secrets","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zendesk%2Fhelm-secrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zendesk%2Fhelm-secrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zendesk%2Fhelm-secrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zendesk%2Fhelm-secrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zendesk","download_url":"https://codeload.github.com/zendesk/helm-secrets/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zendesk%2Fhelm-secrets/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":277219033,"owners_count":25781447,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-27T02:00:08.978Z","response_time":73,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["decryption","encryption","encryption-tool","helm","helm-charts","helm-plugin","k8s","kms","kubernetes","kubernetes-secrets","pgp","secret-management","secrets","secrets-stored","sops"],"created_at":"2024-08-01T15:06:16.918Z","updated_at":"2025-09-27T10:32:04.383Z","avatar_url":"https://github.com/zendesk.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"\n[![License](https://img.shields.io/github/license/zendesk/helm-secrets.svg)](https://github.com/zendesk/helm-secrets/blob/master/LICENSE)\n[![No Maintenance Intended](http://unmaintained.tech/badge.svg)](http://unmaintained.tech/)\n[![Current Release](https://img.shields.io/github/release/zendesk/helm-secrets.svg)](https://github.com/zendesk/helm-secrets/releases/latest)\n[![Production Ready](https://img.shields.io/badge/production-ready-green.svg)](https://github.com/zendesk/helm-secrets/releases/latest)\n[![GitHub issues](https://img.shields.io/github/issues/zendesk/helm-secrets.svg)](https://github.com/zendesk/helm-secrets/issues)\n[![GitHub pull requests](https://img.shields.io/github/issues-pr/zendesk/helm-secrets.svg?style=flat-square)](https://github.com/zendesk/helm-secrets/pulls)\n\n# Deprecation information \n\nPlease note, this project is no longer being maintained.\nThere is an active fork [jkroepke/helm-secrets](https://github.com/jkroepke/helm-secrets) and we will also contribute our future changes to it. \n\n# Plugin for secrets management in Helm\n\nDeveloped and used in all environments in [BaseCRM](https://getbase.com/).\n\n# how we use it ?\n\nWe store secrets and values in ```helm_vars``` dir structure just like in this repository example dir. All this data versioned in GIT.\nWorking in teams on multiple projects/regions/envs and multiple secrets files at once.\nWe have Makefile in our Helm charts repo to simplify install helm-secrets plugin with helm and other stuff we use. Same Makefile used to rebuild all helm charts with dependencies and some other everyday helpers.\nEncrypting, Decrypting, Editing secrets on local clones, making #PR's and storing this in our helm charts repo encrypted with PGP, AWS KMS and GCP KMS.\nDeploying using helm-wrapper from local or from CI with same charts and secrets/values from GIT repository.\n\n# Main features\n\nA first internal version of the plugin used pure PGP and the whole secret file was encrypted as one.\nA current version of the plugin using Golang sops as backend which could be integrated in future into Helm itself, but currently, it is only shell wrapper.\n\nWhat kind of problems this plugin solves:\n* Simple replaceable layer integrated with helm command for encrypting, decrypting, view secrets files stored in any place. Currently using SOPS as backend.\n* [Support for YAML/JSON structures encryption - Helm YAML secrets files](https://github.com/mozilla/sops#important-information-on-types)\n* [Encryption per value where visual Diff should work even on encrypted files](https://github.com/mozilla/sops/blob/master/example.yaml)\n* [On the fly decryption for git diff](https://github.com/mozilla/sops#showing-diffs-in-cleartext-in-git)\n* On the fly decryption and cleanup for helm install/upgrade with a helm command wrapper\n* [Multiple key management solutions like PGP, AWS KMS and GCP KMS at same time](https://github.com/mozilla/sops#using-sops-yaml-conf-to-select-kms-pgp-for-new-files)\n* [Simple adding/removing keys](https://github.com/mozilla/sops#adding-and-removing-keys)\n* [With AWS KMS permissions management for keys](https://aws.amazon.com/kms/)\n* [Secrets files directory tree separation with recursive .sops.yaml files search](https://github.com/mozilla/sops#using-sops-yaml-conf-to-select-kms-pgp-for-new-files)\n* [Extracting sub-elements from encrypted file structure](https://github.com/mozilla/sops#extract-a-sub-part-of-a-document-tree)\n* [Encrypt only part of a file if needed](https://github.com/mozilla/sops#encrypting-only-parts-of-a-file). [Example encrypted file](https://github.com/mozilla/sops/blob/master/example.yaml)\n\n## Moving parts of project\n\n```helm-wrapper``` - It is not a part of Helm project itself. It is a just simple wrapper in the shell that runs helm within but wrapping secret decryption and cleaning on-the-fly, before and after Helm run. It is created from install-binary.sh in helm-secrets plugin install process as hook action making the symlink to wrapper.sh. This should be used as default command to operate with Helm client with helm-secrets installed.\n\n```test.sh``` - Test script to check if all parts of the plugin work. Using example dir with vars structure and PGP keys to make real tests on real data with real encryption/decryption.\n\n```install-binary.sh``` - Script used as the hook to download and install sops and install git diff configuration for helm-secrets files.\n\n```secrets.sh``` - Main helm-secrets plugin code for all helm-secrets plugin actions available in ```helm secrets help``` after plugin install\n\n## Installation and Dependencies\n\n#### SOPS install\nJust install the plugin using ```helm plugin install https://github.com/zendesk/helm-secrets``` and sops will be installed as part of it, using hook when helm \u003e 2.3.x\n\nYou can always install manually in MacOS as below:\n```\nbrew install sops\n```\nFor Linux RPM or DEB, sops is available here: [Dist Packages](https://github.com/mozilla/sops/releases)\n\n#### SOPS git diff\nGit config part is installed with the plugin, but to be fully functional the following needs to be added to the ```.gitattributes``` file in the root directory of a charts repo:\n```\nsecrets.yaml diff=sopsdiffer\nsecrets.*.yaml diff=sopsdiffer\n```\nMore info on [sops page](https://github.com/mozilla/sops#showing-diffs-in-cleartext-in-git)\n\n#### Using Helm plugin manager (\u003e 2.3.x)\n\nAs already described above,\n```\nhelm plugin install https://github.com/zendesk/helm-secrets \n```\n\n#### For Pre Helm 2.3.0 Installation\nGet a release tarball from the [releases](https://github.com/zendesk/helm-secrets/releases) page.\n\nUnpack the tarball in your helm plugins directory (```$(helm home)/plugins```).\n\nFor example:\n```\ncurl -L $TARBALL_URL | tar -C $(helm home)/plugins -xzv\n```\n#### Helm-wrapper configuration\nBy default, helm-wrapper is not configured to encrypt/decrypt secrets.yaml in charts templates. They are treated as templates and values from specific secrets/value files should be used in these templates as a reference from helm itself.\nSet you own options as ENV variables if you like to overwrite default kms enabled and decrypt charts disabled.\n```\nDECRYPT_CHARTS=false helm-wrapper...\n```\n## Usage and examples\n\n```\n$ helm secrets help\nGnuPG secrets encryption in Helm Charts\n\nThis plugin provides ability to encrypt/decrypt secrets files\nto store in less secure places, before they are installed using\nHelm.\n\nTo decrypt/encrypt/edit you need to initialize/first encrypt secrets with\nsops - https://github.com/mozilla/sops\n\nAvailable Commands:\n  enc           Encrypt secrets file\n  dec           Decrypt secrets file\n  view          Print secrets decrypted\n  edit          Edit secrets file and encrypt afterwards\n  clean         Remove all decrypted files in specified directory (recursively)\n  install       wrapper that decrypts secrets[.*].yaml files before running helm install\n  template      wrapper that decrypts secrets[.*].yaml files before running helm template\n  upgrade       wrapper that decrypts secrets[.*].yaml files before running helm upgrade\n  lint          wrapper that decrypts secrets[.*].yaml files before running helm lint\n  diff          wrapper that decrypts secrets[.*].yaml files before running helm diff\n                  (diff is a helm plugin)\n```\n\nBy convention, files containing secrets are named `secrets.yaml`, or anything beginning with \"secrets.\" and ending with \".yaml\". E.g. `secrets.test.yaml` and `secrets.prod.yaml`.\n\nDecrypted files have the suffix \".yaml.dec\" by default. This can be changed using the `HELM_SECRETS_DEC_SUFFIX` environment variable.\n\n#### Basic commands:\n```\n  enc           Encrypt secrets file\n  dec           Decrypt secrets file\n  view          Print decrypted secrets file\n  edit          Edit secrets file (decrypt before and encrypt after)\n  clean         Delete *.yaml-dec files in directory (recursively)\n```\nEach of these commands have their own help.\n\n## Use case and workflow\n\n#### Usage examples\n\nNote: You need to run `gpg --import example/pgp/project{x,y}.asc` in order to successfully decrypt secrets included in the examples\n\n##### Decrypt\n\nThe decrypt operation decrypts a secrets.yaml file and saves the decrypted result in secrets.yaml.dec:\n```\n$ helm secrets dec example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nDecrypting example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\n```\n\nThe secrets.yaml.dec file:\n```\nsecret_sandbox_projectx: secret_foo_123\n```\n\nNote that if the secrets.yaml.dec file already exists and is newer than secrets.yaml, it will not be overwritten:\n```\n$ helm secrets dec example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nDecrypting example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nexample/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml.dec is newer than example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\n```\n\n##### Encrypt\n\nThe encrypt operation encrypts a secrets.yaml.dec file and saves the encrypted result in secrets.yaml:\n\nIf you initially have an unencrypted secrets.yaml file, it will be used as input and will be overwritten:\n\n```\n$ helm secrets enc example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nEncrypting example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nEncrypted example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\n```\n\nIf you already have an encrypted secrets.yaml file and a decrypted secrets.yaml.dec file, encrypting will encrypt secrets.yaml.dec to secrets.yaml:\n```\n$ helm secrets dec example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nDecrypting example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\n$ helm secrets enc example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nEncrypting example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nEncrypted example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml.dec to example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\n```\n##### View\nThe view operation decrypts secrets.yaml and prints it to stdout:\n```\n$ helm secrets view example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\nsecret_sandbox_projectx: secret_foo_123\n```\n##### Edit\nThe edit operation will decrypt the secrets.yaml file and open it in an editor. If the file is modified, it will be encrypted again after you exit the editor.\n\n```\n$ helm secrets edit example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml\n```\nThere is new feature in SOPS master that allows using $EDITOR to specify editor used by sops but not released yet.\n\n##### Clean\n\nThe operation will delete all decrypted files in a directory, recursively:\n\n```\n$ helm secrets clean example/helm_vars/projectX/sandbox/us-east-1/java-app/\nremoved example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml.dec\n```\n\nIf you use git there is commit hook that prevents commiting decrypted files and you can add all *.yaml.dec files in you repository ```.gitignore``` file.\n\n#### Summary\n\n* Values/Secrets data are not a part of the chart. You need to manage your values, public charts contains mostly defaults without secrets - data vs code\n* To use the helm-secrets plugin you should build your ```.sops.yaml``` rules to make everything automatic\n* Use helm secrets \u003cenc|dec|view|edit\u003e for everyday work with you secret yaml files\n* Use version control systems like GIT to work in teams and get history of versions\n* Everyday search keys is simple even with encrypted files or decrypt on-the-fly with git diff config included\n* With example helm_vars you can manage multiple world locations with multiple projects that contain multiple environments\n* With the helm wrapper you can easily run \"helm secrets install/upgrade/rollback\" with secrets files included as ```-f``` option from you helm_vars values dir tree.\n\nWe use vars for Helm Charts from separate directory tree with the structure like this:\n```\nhelm_vars/\n├── .sops.yaml\n├── projectX\n|   ├── .sops.yaml\n│   ├── production\n│   │   └── us-east-1\n│   │       └── java-app\n│   │           └── hello-world\n│   │               ├── secrets.yaml\n│   │               └── values.yaml\n│   ├── sandbox\n│   │   └── us-east-1\n│   │       └── java-app\n│   │           └── hello-world\n│   │               ├── secrets.yaml\n│   │               └── values.yaml\n|   ├── secrets.yaml\n│   └── values.yaml\n├── projectY\n|   ├── .sops.yaml\n│   ├── production\n│   │   └── us-east-1\n│   │       └── java-app\n│   │           └── hello-world\n│   │               ├── secrets.yaml\n│   │               └── values.yaml\n│   ├── sandbox\n│   │   └── us-east-1\n│   │       └── java-app\n│   │           └── hello-world\n│   │               ├── secrets.yaml\n│   │               └── values.yaml\n|   ├── secrets.yaml\n│   └── values.yaml\n├── secrets.yaml\n└── values.yaml\n```\nAs you can see we can run different PGP or KMS keys per project, globally or per any tree level. Thanks to this we can isolate tree on different CI/CD instances using same GIT repository.\nAs we use simple -f option when running the helm wrapper we can just use encrypted secrets.yaml and all these secrets will be decrypted and cleaned on the fly before and after helm run.\n\n```.sops.yaml``` file example\n```\n---\ncreation_rules:\n        # Encrypt with AWS KMS\n        - kms: 'arn:aws:kms:us-east-1:222222222222:key/111b1c11-1c11-1fd1-aa11-a1c1a1sa1dsl1+arn:aws:iam::222222222222:role/helm_secrets'\n\n        # Encrypt using GCP KMS\n        - gcp_kms: projects/mygcproject/locations/global/keyRings/mykeyring/cryptoKeys/thekey\n\n        # As failover encrypt with PGP\n        - pgp: '000111122223333444AAAADDDDFFFFGGGG000999'\n\n        # For more help look at https://github.com/mozilla/sops\n```\nMultiple KMS and PGP are allowed.\n\nEverything is described in SOPS docs - links in this project description.\n\n## Helm Wrapper\n\nRunning helm to install/upgrade chart with our secrets files is simple with the included helm wrapper which will decrypt on-the-fly and use decrypted secrets files in the actual helm command.\n\n#### Wrapped commands\n```\n  install       run \"helm install\" with decrypted secrets files\n  upgrade       run \"helm upgrade\" with decrypted secrets files\n  lint          run \"helm lint\" with decrypted secrets files\n  diff          run \"helm diff\" with decrypted secrets files\n```\n\nThe wrapper enables you to call these helm commands with on-the-fly decryption of secrets files passed as `-f` or `--values` arguments. Instead of calling e.g. `helm install ...` you can call `helm secrets install ...` to get on-the-fly decryption.\n\nThe diff command is a separate helm plugin, [helm-diff](\u003chttps://github.com/databus23/helm-diff\u003e). Using it you can view the changes that would be deployed before deploying. In the same way as above, instead of calling e.g. `helm diff upgrade ...` you can call `helm secrets diff upgrade ...`, and so on.\n\nNote that if a decrypted secrets.yaml.dec file exists and is newer then the secrets.yaml file, it will be used in the wrapped command rather than decrypting secrets.yaml. \n\nReal example of the helm wrapper usage with simple java helloworld application.\n```\nAWS_PROFILE=sandbox helm secrets upgrade \\\n  helloworld \\\n  stable/java-app \\\n  --install \\\n  --timeout 600 \\\n  --wait \\\n  --kube-context=sandbox \\\n  --namespace=projectx \\\n  --set global.app_version=bff8fc4 \\\n  -f helm_vars/projectx/sandbox/us-east-1/java-app/helloworld/secrets.yaml \\\n  -f helm_vars/projectx/sandbox/us-east-1/java-app/helloworld/values.yaml \\\n  -f helm_vars/secrets.yaml \\\n  -f helm_vars/values.yaml\n\nRelease \"helloworld\" has been upgraded. Happy Helming!\nLAST DEPLOYED: Fri May  5 13:27:01 2017\nNAMESPACE: projectx\nSTATUS: DEPLOYED\n\nRESOURCES:\n==\u003e extensions/v1beta1/Deployment\nNAME        DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE\nhelloworld  3        3        3           2          1h\n\n==\u003e v1/Secret\nNAME        TYPE    DATA  AGE\nhelloworld  Opaque  10    1h\n\n==\u003e v1/ConfigMap\nNAME        DATA  AGE\nhelloworld  2     1h\n\n==\u003e v1/Service\nNAME        CLUSTER-IP      EXTERNAL-IP  PORT(S)   AGE\nhelloworld  100.65.221.245  \u003cnone\u003e       8080/TCP  1h\n\nNOTES:\nDeploy success helloworld-bff8fc4 in namespace projectx\n\nremoved helm_vars/projectx/sandbox/us-east-1/java-app/helloworld/secrets.yaml.dec\nremoved helm_vars/secrets.yaml.dec\n```\nYou can see that we use a global secrets file and a specific secrets file for this app in this project/environment/region. We use some plain value files next to secrets. We use values from secrets in some secrets template in helloworld application chart template and some values are used in the configmap template in the same chart. Some values are added as env variables in deployment manifest templates in the chart. As you can see we can use secrets and values in helm in many ways. Everything depends on use case.\n\nEven when helm failed then decrypted files are cleaned\n```\nAWS_PROFILE=sandbox helm-wrapper upgrade \\\n  helloworld \\\n  stable/java-app \\\n  --install \\\n  --timeout 600 \\\n  --wait \\\n  --kube-context=wrongcontext \\\n  --namespace=projectx \\\n  --set global.app_version=bff8fc4 \\\n  -f helm_vars/projectx/sandbox/us-east-1/java-app/helloworld/secrets.yaml \\\n  -f helm_vars/projectx/sandbox/us-east-1/java-app/helloworld/values.yaml \\\n  -f helm_vars/secrets.yaml \\\n  -f helm_vars/values.yaml\n\nError: could not get kubernetes config for context 'wrongcontext': context \"wrongcontext\" does not exist\n\nremoved helm_vars/projectx/sandbox/us-east-1/java-app/helloworld/secrets.yaml.dec\nremoved helm_vars/secrets.yaml.dec\n```\n#### Using secret values in Helm chart secrets template\n\nWe just need to create Kubernetes secrets template in chart templates dir.\nFor example in your charts repo you have `stable/helloworld/`. Inside this chart you should have `stable/helloworld/templates/` dir and then create the `stable/helloworld/templates/secrets.yaml` file with content as specified bellow.\n\n```\napiVersion: v1\nkind: Secret\nmetadata:\n  name: helloworld\n  labels:\n    app: helloworld\n    chart: \"{{ .Chart.Name }}-{{ .Chart.Version }}\"\n    release: \"{{ .Release.Name }}\"\n    heritage: \"{{ .Release.Service }}\"\ntype: Opaque\ndata:\n  my_secret_key: {{ .Values.secret_sandbox_helloworld | b64enc | quote }}\n```\n\nIn this example you have a Kubernetes secret named \"helloworld\" and data inside this secret will be filled in from values defined in `-f helm_vars/projectx/sandbox/us-east-1/java-app/helloworld/secrets.yaml`. We use `.Values.secret_sandbox_helloworld` to refer to the value in the decrypted secret file. In this way, the value from the decrypted `helm_vars/projectx/sandbox/us-east-1/java-app/helloworld/secrets.yaml` will be available as `my_secret_key` in Kubernetes.\n\nYou can now use the \"helloworld\" secret in your deployment manifest (or any other manifest supporting secretKeyRef) in the env section like this:\n```\napiVersion: extensions/v1beta1\nkind: Deployment\n...\n...\n        containers:\n        ...\n        ...\n          env:\n            - name: my_new_secret_key\n              valueFrom:\n                secretKeyRef:\n                  name: helloworld\n                  key: my_secret_key\n```\n## Important Tips\n\n#### Prevent committing decrypted files to git\nIf you like to secure situation when decrypted file is committed by mistake to git you can add your secrets.yaml.dec files to you charts project repository `.gitignore`.\n\nA second level of security is to add for example a `.sopscommithook` file inside your chart repository local commit hook.\n\nThis will prevent committing decrypted files without sops metadata.\n\n`.sopscommithook` content example:\n```\n#!/bin/sh\n\nfor FILE in $(git diff-index HEAD --name-only | grep \u003cyour vars dir\u003e | grep \"secrets.y\"); do\n    if [ -f \"$FILE\" ] \u0026\u0026 ! grep -C10000 \"sops:\" $FILE | grep -q \"version:\"; then\n        echo \"!!!!! $FILE\" 'File is not encrypted !!!!!'\n        echo \"Run: helm secrets enc \u003cfile path\u003e\"\n        exit 1\n    fi\ndone\nexit\n```\n\n## Copyright and license\n\nCopyright 2017 Zendesk\n\nLicensed under the [Apache License, Version 2.0](LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzendesk%2Fhelm-secrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzendesk%2Fhelm-secrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzendesk%2Fhelm-secrets/lists"}