https://github.com/red-lichtie/sops-pre-commit-hook
Ensure secrets are encrypted using CNCF sops - git pre-commit-hook
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/red-lichtie/sops-pre-commit-hook
- Owner: red-lichtie
- License: lgpl-3.0
- Created: 2025-02-15T14:00:26.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-02-22T08:46:04.000Z (over 1 year ago)
- Last Synced: 2025-05-19T11:45:40.935Z (about 1 year ago)
- Topics: cncf, git, kubernetes, secrets, sops
- Language: Python
- Homepage: https://github.com/red-lichtie/sops-pre-commit-hook
- Size: 12.7 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# sops-pre-commit-hook
Ensure that secrets are encrypted using sops before committing to git.
## Links
* Requires: [pre-commit](https://pre-commit.com/)
* Requires: [sops](https://github.com/getsops)
* [CNCF - sops](https://www.cncf.io/projects/sops/)
* [CNCF - Landscape](https://landscape.cncf.io/)
## Configuration file `.sops.yaml` exists
The hook looks for the sops configuration file `.sops.yaml` in the project root
or anywhere in the path above the file being tested.
If this file is found and it contains `creation_rules`, then the value of
`path_regex` for each of the defined rules is used to check if a file should
be encrypted or not.
If a file name doesn't match any of the defined values for `path_regex` it
will **NOT** be evaluated.
## No configuration file `.sops.yaml` exists
**ONLY** when no configuration file is found, all `.*.ya?ml` files are checked
for `kind: secret`, and those files are then evaluated.
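
The two scoping rules above, sketched as an added example (not the project's own code). Assumptions: all function names are hypothetical, `path_regex` values are extracted line by line rather than with a YAML parser, "encrypted" is taken to mean a top-level `sops:` metadata key plus at least one `ENC[AES256_GCM,` value, and the sample data is constructed.

```python
import re
from pathlib import Path
from typing import Dict, List, Optional

# Simplification: path_regex values are pulled out line by line, not with a YAML parser.
PATH_REGEX = re.compile(r"^\s*-?\s*path_regex:\s*(.+?)\s*$", re.M)
KIND_SECRET = re.compile(r"^kind:\s*secret\s*$", re.M | re.I)
SOPS_BLOCK = re.compile(r"^sops:\s*$", re.M)  # metadata key sops adds on encryption


def find_config(file_path: Path) -> Optional[Path]:
    """Look for .sops.yaml in the file's directory and every directory above it."""
    for directory in file_path.resolve().parents:
        if (directory / ".sops.yaml").is_file():
            return directory / ".sops.yaml"
    return None


def in_scope(path: str, content: str, config: Optional[str]) -> bool:
    """Decide whether the hook would evaluate this file at all."""
    if config is not None and "creation_rules" in config:
        rules = [r.strip("'\"") for r in PATH_REGEX.findall(config)]
        return any(re.search(rule, path) for rule in rules)
    if config is not None:
        return False  # assumption: the page does not cover a config without rules
    return bool(re.fullmatch(r".*\.ya?ml", path) and KIND_SECRET.search(content))


def looks_encrypted(content: str) -> bool:
    """Assumed check: top-level sops metadata plus at least one ENC[...] value."""
    return bool(SOPS_BLOCK.search(content)) and "ENC[AES256_GCM," in content


def unencrypted(files: Dict[str, str], config: Optional[str]) -> List[str]:
    """Return in-scope paths whose content is still plaintext."""
    return sorted(p for p, c in files.items()
                  if in_scope(p, c, config) and not looks_encrypted(c))


# Constructed sample data (not from the project).
CONFIG = "creation_rules:\n  - path_regex: secrets/.*\\.yaml$\n    age: AGE_RECIPIENT_PLACEHOLDER\n"
PLAIN = "apiVersion: v1\nkind: Secret\nstringData:\n  password: example\n"
SEALED = ("apiVersion: v1\nkind: Secret\nstringData:\n"
          "  password: ENC[AES256_GCM,data:CONSTRUCTED,type:str]\nsops:\n  version: 3.9.0\n")
FILES = {"secrets/db.yaml": PLAIN, "secrets/api.yaml": SEALED, "deploy/app.yaml": PLAIN}

if __name__ == "__main__":
    print(unencrypted(FILES, CONFIG))  # rules decide scope
    print(unencrypted(FILES, None))    # fallback: kind: secret in any YAML file
```

With the rules in place, `deploy/app.yaml` is a plaintext Secret that is never evaluated, so `path_regex` has to cover every directory where secrets are stored.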
## Installation
Enable this hook by adding the following to your project's `.pre-commit-config.yaml`:
```yaml
repos:
  - repo: https://github.com/red-lichtie/sops-pre-commit-hook
    rev: v1.1.1
    hooks:
      - id: sops-pre-commit-hook
```
## License
This software is licensed under the LGPL V3 license (see the [LICENSE](LICENSE.md) file).