Security Zines' Rohit Sehgal took on his colorful pencils to explain what SOPS is, what it is not, and how it integrates with CI/CD. Have a look!

Click to get the full-res PDF.

Zine summary:

  • Problem: Secrets like API keys, database credentials, etc., need to be kept secure and not stored in plaintext.
  • Secrets OPerationS (SOPS) allows encrypting secrets into a file with the help of a cloud Key Management Service (KMS).
  • The encrypted secrets file can be stored in a Git repository and decrypted into environment variables or temporary files.
  • SOPS supports various file formats like YAML, JSON, and ENV, for storing secrets.
  • SOPS is not a data storage solution or for real-time encryption!
  • SOPS integrates with Continuous Integration/Continuous Deployment (CI/CD) pipelines for automated decryption.
  • It is cloud-independent and can work with different cloud providers' KMS.

Get started with this in-depth tutorial:

A Comprehensive Guide to SOPS: Managing Your Secrets Like A Visionary, Not a Functionary
Have you heard about SOPS? If you have already been in a situation where you needed to share sensitive information with your teammates, this is for you.
Security Zines is a project led by Rohit Sehgal. Check out his work at and give him a follow on Twitter @sec_r0 to see what he comes up with next!