ohai.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A cozy, fast and secure Mastodon server where everyone is welcome. Run by the folks at ohai.is.

#SOPS

Dan ⁂<p>finally found some time to play with <a href="https://beoriginal.social/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> (<a href="https://getsops.io/docs/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">getsops.io/docs/</span><span class="invisible"></span></a>) and migrated a project to it. seems like a good replacement and optimization for our current secrets sharing workflow. also super useful that it works with both <a href="https://beoriginal.social/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/ <a href="https://beoriginal.social/tags/GPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GPG</span></a> and <a href="https://beoriginal.social/tags/age" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>age</span></a> keys</p>
Vesa-Pekka Tuomaala<p>Now that I've spent a few days wrestling with sops-nix and syncthing, today I could actually go and get some exercise in the form of mountain biking <a href="https://mastodontti.fi/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a> <a href="https://mastodontti.fi/tags/syncthing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>syncthing</span></a> <a href="https://mastodontti.fi/tags/biketooter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>biketooter</span></a> <a href="https://mastodontti.fi/tags/Py%C3%B6r%C3%A4ilydontti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pyöräilydontti</span></a></p>
Sean Hood<p>It works! Taking mozilla/sops and <a href="https://hachyderm.io/tags/puppet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>puppet</span></a> <a href="https://hachyderm.io/tags/hiera" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hiera</span></a> and making them one! I do love hiera_eyaml but <a href="https://hachyderm.io/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a> is just 10x better.</p><pre><code>$ puppet lookup --hiera_config=spec/fixtures/hiera.yaml --modulepath=~/git/hiera-sops nested::data
---
thing1:
- one
- two
thing2:
- three
- four
</code></pre>
Soliman Hindy<p>Talk: &quot;<a href="https://mastodon.lovetux.net/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> (up close): give your cleartext secrets a good scrubbing!&quot; <a href="https://mastodon.lovetux.net/tags/tnt25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tnt25</span></a></p>
Eddie Roger<p>After a few nights and weekends of mashing keys, I have figured the right order to bring up a <a href="https://hachyderm.io/tags/nixos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nixos</span></a> instance built for <a href="https://hachyderm.io/tags/proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proxmox</span></a>, provision it with <a href="https://hachyderm.io/tags/colmena" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>colmena</span></a>, shove secrets on it with <a href="https://hachyderm.io/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a>, bring up a docker container, and get it on my <span class="h-card" translate="no"><a href="https://hachyderm.io/@tailscale" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tailscale</span></a></span> <a href="https://hachyderm.io/tags/tailnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tailnet</span></a>. I don’t know how many times I nearly gave up, but it paid off, and I’m thrilled. </p><p>Now to do it again.</p>
Shine<p>Secrets management via <a href="https://techhub.social/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> and HashiCorp <a href="https://techhub.social/tags/Vault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vault</span></a>:<br>1. Store secrets in a Git repository as SOPS-encrypted files.<br>2. <a href="https://techhub.social/tags/Terraform" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Terraform</span></a> gains read access to secrets during provisioning, e.g., via Google KMS.<br>3. <a href="https://techhub.social/tags/Terraform" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Terraform</span></a> uses the vault_kv_secret_v2 module to inject secrets into Vault.<br>4. Applications consume secrets directly from Vault or through Kubernetes integration.</p><p>This approach separates long-term and runtime secrets storage, enhancing <a href="https://techhub.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> and flexibility.</p>
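The four-step workflow above, as an added example that is not Shine's or any project's code: a Terraform root that decrypts a committed, SOPS-encrypted YAML file through the carlpett/sops provider (step 2: the provider calls the KMS key recorded in the file's sops metadata, so Terraform's cloud credentials must hold decrypt rights on it) and writes the values into Vault KV v2 with the `vault_kv_secret_v2` resource of the HashiCorp Vault provider (step 3). The file path, Vault mount, secret path and key names are placeholders.

```hcl
terraform {
  required_providers {
    sops  = { source = "carlpett/sops" }
    vault = { source = "hashicorp/vault" }
  }
}

# Step 1/2: the encrypted file lives in Git; decryption happens at plan time
# via the KMS key named inside the file, never via a key on disk.
data "sops_file" "app" {
  source_file = "${path.module}/secrets/app.enc.yaml" # placeholder path
}

# Mark the decoded map sensitive so values are redacted from plan/apply output.
locals {
  app_secrets = sensitive(data.sops_file.app.data)
}

# Step 3: hand the values to Vault; applications then read them from Vault
# (step 4) instead of from the repository.
resource "vault_kv_secret_v2" "app" {
  mount = "secret"       # placeholder KV v2 mount
  name  = "apps/example" # placeholder secret path

  data_json = jsonencode({
    db_password = local.app_secrets["db_password"] # placeholder keys
    api_token   = local.app_secrets["api_token"]
  })
}
```

The decrypted values still end up in Terraform state, so the state backend needs encryption at rest and the same access control you would apply to Vault itself.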
michabbb<p>🔧 <a href="https://social.vivaldi.net/tags/Sidekick" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sidekick</span></a> transforms bare metal <a href="https://social.vivaldi.net/tags/VPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPS</span></a> into a production-ready hosting platform for streamlined <a href="https://social.vivaldi.net/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a></p><p>🚀 Key Features:<br>• Single-command VPS setup integrating <a href="https://social.vivaldi.net/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Docker</span></a>, <a href="https://social.vivaldi.net/tags/Traefik" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Traefik</span></a>, and <a href="https://social.vivaldi.net/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> encryption<br>• Zero-downtime deployments with high availability and load balancing<br>• Automatic SSL certificate management with <a href="https://social.vivaldi.net/tags/sslip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sslip</span></a>.io support<br>• Secure secrets management through encrypted environment files</p><p>💻 Technical Highlights:<br>• Runs on Ubuntu LTS systems<br>• Requires only SSH key access and public IP<br>• Supports preview environments tied to git commits<br>• Direct container deployment from Dockerfiles</p><p>💪 Platform Benefits:<br>• Escape vendor lock-in<br>• Affordable hosting ($8/month DigitalOcean instance)<br>• Simple CLI-based management<br>• Built-in security best practices</p><p>Source: <a href="https://github.com/MightyMoud/sidekick" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/MightyMoud/sidekick</span><span class="invisible"></span></a></p>
David Guillot<p>📣 New <a href="https://social.tchncs.de/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webdev</span></a> related blog post here, introducing my take on what a <a href="https://social.tchncs.de/tags/Django" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Django</span></a> project template could be for an advanced usage. Obviously <a href="https://social.tchncs.de/tags/astraluv" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>astraluv</span></a> is there, but also <a href="https://social.tchncs.de/tags/justsystems" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>justsystems</span></a> , <a href="https://social.tchncs.de/tags/esbuild" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>esbuild</span></a> , and... <a href="https://social.tchncs.de/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> 🔐 </p><p>It's very early stage so please tell me what do you think about it 🙏</p><p><a href="https://david.guillot.me/en/posts/tech/proposal-for-a-django-project-template/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">david.guillot.me/en/posts/tech</span><span class="invisible">/proposal-for-a-django-project-template/</span></a></p>
Benedikt Ritter (he/him)<p>I made my first contribution to a Go project today! 🎉 <a href="https://github.com/cromefire/fritzbox-cloudflare-dyndns/pull/31" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/cromefire/fritzbox-</span><span class="invisible">cloudflare-dyndns/pull/31</span></a> This is going to make it easier to specify secrets in my home lab setup using sops.<br><a href="https://chaos.social/tags/GoLang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoLang</span></a> <a href="https://chaos.social/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://chaos.social/tags/NixOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NixOS</span></a> <a href="https://chaos.social/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a></p>
dereulenspiegel<p>Maybe interesting for some: I built a small little tool which makes your secrets on <a href="https://chaos.social/tags/nixos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nixos</span></a> (i.e. managed by sops-nix) available as <a href="https://chaos.social/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podman</span></a> secrets. <a href="https://github.com/dereulenspiegel/nix-podman-secrets" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/dereulenspiegel/nix</span><span class="invisible">-podman-secrets</span></a><br><a href="https://chaos.social/tags/nix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nix</span></a> <a href="https://chaos.social/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a></p>
Shine<p>The best thing in <a href="https://techhub.social/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> is its awesome integration into <a href="https://techhub.social/tags/Terraform" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Terraform</span></a> stack: sops_decrypt_file -&gt; yamldecode, and you have your variables available in the scope right away.</p>
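The `sops_decrypt_file -&gt; yamldecode` pattern from the post above, as an added example that is not the poster's code: `sops_decrypt_file` is a Terragrunt built-in, so this is a `terragrunt.hcl` that decrypts a committed YAML file in memory at plan time and passes the values to the module as inputs. The file name, module path and variable names are placeholders.

```hcl
# terragrunt.hcl (constructed example). Decryption runs on the machine that
# invokes terragrunt, which therefore needs access to a key listed in the
# file's sops metadata (age, PGP or KMS); no plaintext file is written.
locals {
  secrets = yamldecode(sops_decrypt_file("${get_terragrunt_dir()}/secrets.enc.yaml"))
}

terraform {
  source = "../modules/app" # placeholder module path
}

# The decoded map is available in scope immediately; the module should declare
# the matching variables with `sensitive = true` so plan output stays redacted.
inputs = {
  db_password = local.secrets.db_password # placeholder keys
  api_token   = local.secrets.api_token
}
```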
Morten Linderud<p>Okay, <a href="https://chaos.social/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a> gives me a datakey to encrypt. I have an ECDSA key and <a href="https://chaos.social/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a> doesn't give me any medium for a shared secret where I can do ECDH.</p><p>Do I yolo it and include a session key inside the ciphertext (which is what the age ciphertext does) or is there a more clever way?</p><p><a href="https://chaos.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://chaos.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Filip 🌱 🦀<p><span class="h-card" translate="no"><a href="https://mastodon.online/@sebhoss" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>sebhoss</span></a></span> I'm alone, but I want the repo to be public and I want to be able to rotate secrets reasonably easily. Cluster management will be done with <a href="https://infosec.exchange/tags/Flux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Flux</span></a>, and hosting will be on bare metal, outside of the big players, i.e. AWS, Azure. Do you think <a href="https://infosec.exchange/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> is fine in this case?</p><p><a href="https://infosec.exchange/tags/FluxCD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FluxCD</span></a></p>
Filip 🌱 🦀<p>I am suffering from decision paralysis, because I have no idea if I should use <a href="https://infosec.exchange/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> for my secrets or if it will be a better idea to use <a href="https://infosec.exchange/tags/ExternalSecrets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ExternalSecrets</span></a> with <a href="https://infosec.exchange/tags/Bitwarden" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bitwarden</span></a> <a href="https://infosec.exchange/tags/SecretsManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecretsManager</span></a>…<br>Any <a href="https://infosec.exchange/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevOps</span></a> engineers that are kind enough to help with advice?</p><p><a href="https://infosec.exchange/tags/k8s" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>k8s</span></a> <a href="https://infosec.exchange/tags/k3s" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>k3s</span></a> <a href="https://infosec.exchange/tags/kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kubernetes</span></a> <a href="https://infosec.exchange/tags/BitwardenSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitwardenSM</span></a> <a href="https://infosec.exchange/tags/BitwardenSecretsManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitwardenSecretsManager</span></a></p>
Matic Rupnik<p>Finally got to finishing this sack of words. Have a read if you will:</p><p><a href="https://mrupnikm.github.io/en/posts/helm-sops-secrets/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mrupnikm.github.io/en/posts/he</span><span class="invisible">lm-sops-secrets/</span></a></p><p><a href="https://mastodon.social/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a> <a href="https://mastodon.social/tags/helm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>helm</span></a> <a href="https://mastodon.social/tags/kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kubernetes</span></a> <a href="https://mastodon.social/tags/argocd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>argocd</span></a></p>
\LuXaS<p>Yesterday I automated the deployment of my workspace (personal or work) even further by adding management of my secrets in <a href="https://social.gnieh.org/tags/HM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HM</span></a> via <a href="https://social.gnieh.org/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a>-nix and <a href="https://social.gnieh.org/tags/age" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>age</span></a>. It's beautiful. <a href="https://social.gnieh.org/tags/nix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nix</span></a></p>
Benedikt Ritter (he/him)<p><a href="https://chaos.social/@britter/112630897963141266" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chaos.social/@britter/11263089</span><span class="invisible">7963141266</span></a></p><p>On the bright side: I've now got sops working with sops-nix. Took a while to get all the pieces together and fix all the typos in the yaml files (did I already say I hate yaml?) <a href="https://chaos.social/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a> <a href="https://chaos.social/tags/nix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nix</span></a> <a href="https://chaos.social/tags/nixos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nixos</span></a> <a href="https://chaos.social/tags/HomeLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HomeLab</span></a> <a href="https://chaos.social/tags/SelfHost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHost</span></a></p>
Lennart J. Kurzweg 🇪🇺<p>For all the <a href="https://ieji.de/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a> <a href="https://ieji.de/tags/nix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nix</span></a> enjoyers out there: where do you keep your <a href="https://ieji.de/tags/AGE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AGE</span></a> key? Does it just live on your drive? Do you use something like a <a href="https://ieji.de/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a>? Because bootstrapping the key with sops obviously doesn't work.</p><p><a href="https://ieji.de/tags/nixos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nixos</span></a> <a href="https://ieji.de/tags/homemanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homemanager</span></a> <a href="https://ieji.de/tags/sopsnix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sopsnix</span></a></p>
Lennart J. Kurzweg 🇪🇺<p>Learning how to create <a href="https://ieji.de/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> keys from my <a href="https://ieji.de/tags/gpg" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gpg</span></a> <a href="https://ieji.de/tags/pgp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pgp</span></a> keys so that I can use <a href="https://ieji.de/tags/age" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>age</span></a> for <a href="https://ieji.de/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a> <a href="https://ieji.de/tags/sops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sops</span></a>-nix, so I don't have to enter my email password manually if I ever were to nuke my system.</p><p><a href="https://ieji.de/tags/NixOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NixOS</span></a> <a href="https://ieji.de/tags/homemanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homemanager</span></a> <a href="https://ieji.de/tags/cryptograpy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptograpy</span></a></p>
mcdwayne<p><a href="https://mastodon.social/tags/SOPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SOPS</span></a> is a very interesting technology that, when used consistently across an org, can go a long way towards stopping secrets sprawl.<br>Basically, agree with your team on an encryption method and SOPS does the rest!</p><p><a href="https://buff.ly/3VsEE1B" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">buff.ly/3VsEE1B</span><span class="invisible"></span></a></p>