Securely store secrets in Git using SOPS and Azure Key Vault

18 Jan, 2023
Xebia Background Header Wave

When implementing GitOps as your continuous delivery process Git becomes the single source of truth for deployments. Kubernetes is a declarative system which means you specify the desired state in YAML files. For this reason, GitOps is often used as a continuous delivery process for Kubernetes. The YAML files are stored in version control, and a GitOps tool like ArgoCD compares the desired state (Git) with the current state and applies changes to Kubernetes. Secrets are also part of Kubernetes deployments and are stored in version control as well. It’s essential to encrypt them before committing to Git. SOPS is a popular CLI tool to encrypt secrets. It integrates with Azure Key Vault to implement envelope encryption.

This article explains how you can encrypt secrets using SOPS and Azure Key Vault.

Read the full post on my blog


Get in touch with us to learn more about the subject and related solutions

Explore related posts