Safely commit your encrypted secrets to git, no more
Strong Config uses sops to encrypt your secrets with strong cryptography. Every config value whose key has the suffix
Secret will be encrypted by the CLI command
api: # will NOT by encrypted, it's just a normal config value url: www.super.com/api # WILL be encrypted because it has the 'Secret' suffix apiSecret: super-duper-secret-key # WILL also be encrypted, you get the idea :) anotherSecret: please-dont-tell-anybody
To encrypt anything, you will need an encryption key. Sops supports PGP, AWS KMS, Google Cloud KMS, and Azure Key Vault as key providers. Each of which we will demonstrate below ⬇️
<aside> 🚨 PGP is great if you just want to try out encryption or have a very simple use case. However, we recommend against using PGP for for production-level use or when working in a team because it's easier to use one of the cloud KMS systems below. Managing PGP keys among multiple people can get complicated very fast.
For this walk-through, we will use the AWS console to create our test key (if you prefer the terminal, you can also use the AWS CLI to create and manage keys).