====== Mozilla Sops ======

  * [[https://github.com/getsops/sops|github/getsops/SOPS: Secrets OPerationS]]
  * [[https://github.com/getsops/sops/releases]]
  * [[https://habr.com/ru/articles/590733/|Mozilla Sops for managing secrets in git]]
  * [[https://stackoverflow.com/questions/78211931/how-to-use-sops-exec-file-with-docker-compose|How to use sops exec-file with docker-compose?]]
  * [[Hashicorp Vault]]
  * Ansible service: [[Сервис Ansible#Роль OpenVPN сервера|OpenVPN server role]]

Install the sops binary:

<code bash>
# wget https://github.com/getsops/sops/releases/download/v3.11.0/sops-v3.11.0.linux.amd64
# mv sops-v3.11.0.linux.amd64 /usr/local/bin/sops
# chmod +x /usr/local/bin/sops
</code>

Point sops at the Vault server and authenticate with a token that may use the transit key:

<code bash>
# VAULT_ADDR=http://server.corpX.un:8200
# export VAULT_TOKEN=hKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKU
</code>

Encrypt a single file in place with an explicitly named Vault transit key, inspect the result, then decrypt it in place again:

<code bash>
~/openvpn1# sops encrypt --hc-vault-transit $VAULT_ADDR/v1/transit/keys/ansible-openvpn1 openvpn1/files/server.key --in-place
~/openvpn1# cat openvpn1/files/server.key
~/openvpn1# sops decrypt openvpn1/files/server.key -i
</code>

Instead of passing the key on every call, creation rules in .sops.yaml select the transit key by file path; encrypted_regex limits encryption to the matching YAML keys (here the ansible_*pass* variables), so the rest of the inventory stays readable:

<code yaml>
# cat .sops.yaml
creation_rules:
  - path_regex: inventory.yaml
    encrypted_regex: ^ansible.*pass
    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1"
  - path_regex: openvpn1/files/server.key
    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/ansible-openvpn1"
#  - path_regex: keycloak-db-secret.yaml
#    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/my-pgcluster"
#  - path_regex: values.yaml
#    encrypted_regex: adminPassword|password
#    hc_vault_transit_uri: "http://server.corpX.un:8200/v1/transit/keys/my-keycloak"
</code>

With the rules in place, sops picks the key from the file path:

<code bash>
~/openvpn1# sops encrypt inventory.yaml               # encrypted output to stdout, file unchanged
~/openvpn1# sops -e -i inventory.yaml                 # encrypt in place
~/openvpn1# sops -e -i openvpn1/files/server.key
~/openvpn1# cat inventory.yaml
~/openvpn1# sops edit inventory.yaml                  # decrypt into the editor, re-encrypt on save
~/openvpn1# sops exec-file inventory.yaml 'echo {}; cat {}'   # run a command against a temporary decrypted copy; {} is its path
~/openvpn1# ###sops -d -i inventory.yaml              # would decrypt in place and leave plaintext on disk; deliberately commented out
</code>
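The encrypted_regex rule above only protects the keys it matches, and nothing stops a plaintext inventory from being committed by mistake. The following added example (not from the original page) is a small pre-commit style check that verifies every key matching the rule's regex carries sops ciphertext and that the file has a sops: metadata block; the two sample inventories are constructed here, and the check assumes POSIX sh with grep and awk.

```shell
#!/bin/sh
# Added example, not from the original page: a pre-commit style check that keys
# matched by encrypted_regex in .sops.yaml (here ^ansible.*pass) hold sops
# ciphertext (ENC[...]) and that the file has a sops: metadata block, so a
# plaintext inventory.yaml cannot slip into git. Assumes POSIX sh, grep, awk.
# check_sops_encrypted FILE KEY_REGEX -> 0 if every matching key is encrypted
# and metadata is present; otherwise prints the offending keys and returns 1.
check_sops_encrypted() {
    file=$1; key_re=$2
    grep -q '^sops:' "$file" || { echo "$file: no sops metadata block"; return 1; }
    awk -v re="$key_re" '
        /^[[:space:]]*#/ { next }                      # skip YAML comments
        match($0, /^[[:space:]]*[^:#]+:/) {            # "key:" at line start
            key = substr($0, RSTART, RLENGTH)
            sub(/^[[:space:]]*(- )?/, "", key); sub(/:$/, "", key)
            val = substr($0, RLENGTH + 1); sub(/^[[:space:]]*/, "", val)
            if (key ~ re && val != "" && val !~ /^ENC\[/) {
                print FILENAME ": plaintext value under key " key; bad = 1
            }
        }
        END { exit bad }' "$file"
}
# Constructed samples: one inventory encrypted by sops, one leaking a password.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/inventory_ok.yaml" <<'EOF'
all:
  hosts:
    openvpn1:
      ansible_host: 192.0.2.10
      ansible_password: ENC[AES256_GCM,data:c0nstructed==,iv:x,tag:y,type:str]
      ansible_become_pass: ENC[AES256_GCM,data:c0nstructed==,iv:x,tag:y,type:str]
sops:
  hc_vault:
    - vault_address: http://server.corpX.un:8200
      engine_path: transit
      key_name: ansible-openvpn1
EOF
cat > "$SAMPLE_DIR/inventory_bad.yaml" <<'EOF'
all:
  hosts:
    openvpn1:
      ansible_password: Pa55w0rd   # plaintext committed by mistake
sops:
  hc_vault:
    - vault_address: http://server.corpX.un:8200
EOF
check_sops_encrypted "$SAMPLE_DIR/inventory_ok.yaml" '^ansible.*pass' && echo "inventory_ok.yaml: OK"
check_sops_encrypted "$SAMPLE_DIR/inventory_bad.yaml" '^ansible.*pass' || echo "inventory_bad.yaml: REJECT"
```

Wire the function into a git pre-commit hook over the staged files named in your creation_rules; it reports the offending key names, never the values.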