Let’s face it, managing secrets in software projects can be as thrilling as being stabbed in the eye. Yet, it’s a necessary evil that we all have to deal with.
Problem: we have a set of developers and a set of infrastructure that all need to share secrets. We'd like to minimize infrastructure and keep cognitive load to a minimum so we can focus on writing code. Sure, you've got AWS Secrets Manager and HashiCorp Vault for the heavy lifting, but that's like using a tractor to crack a nut. And then there's the keep-all-your-secrets-in-GitHub-Actions-env-vars approach, which leads to a "push-and-pray" mentality: the only way to find out whether a secret is wired up correctly is to push and watch the pipeline (the https://dagger.io/ talks on CI/CD are awesome on this). Not exactly the pinnacle of security or convenience, right?
Enter SOPS, the cool kid on the block that encrypts your files without the bullshit (you know it's cool cos it's the latest in a long line of tech abandoned by Mozilla). But setting it up? Still sucks. This post is about how github-to-sops helps.