https://github.com/squat/pre-commit-sops
A pre-commit hook that detects SOPS secrets that are unencrypted or encrypted with the wrong key(s)
https://github.com/squat/pre-commit-sops
Last synced: 4 months ago
JSON representation
A pre-commit hook that detects SOPS secrets that are unencrypted or encrypted with the wrong key(s)
- Host: GitHub
- URL: https://github.com/squat/pre-commit-sops
- Owner: squat
- License: apache-2.0
- Created: 2024-01-24T07:34:35.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-08-11T17:30:34.000Z (11 months ago)
- Last Synced: 2025-10-18T22:12:22.730Z (9 months ago)
- Size: 11.7 KB
- Stars: 1
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://results.pre-commit.ci/latest/github/squat/pre-commit-sops/main)
# pre-commit-sops
`pre-commit-sops` is a [pre-commit](https://pre-commit.com) hook that detects [SOPS](https://getsops.io) secrets that are unencrypted or encrypted with the wrong key(s). `pre-commit-sops` uses your `.sops.yaml` file to match files to the correct keys.
`pre-commit-sops` is conservative by default and checks all files with `secret` anywhere in the path; that means all files with `secret` in their name or under a directory with `secret` in the name must be encrypted. This rule can be adjusted by modifying the values of the `files` or `exclude` keys in the hook's configuration.
## Installation
Add this to your `.pre-commit-config.yaml`
```yaml
- repo: https://github.com/squat/pre-commit-sops
rev: 0.1.0
hooks:
- id: sops
```