# Install ksops with Homebrew

Flexible Kustomize Plugin for SOPS Encrypted Resources. Version 4.5.1 via Homebrew; verified 2026-04-13.

## Install

```sh
sudo av install brew:ksops
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install ksops
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:ksops
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/ksops>
- **Version:** 4.5.1
- **Source summary:** Flexible Kustomize Plugin for SOPS Encrypted Resources
- **Homepage:** <https://github.com/viaduct-ai/kustomize-sops>
- **Repository:** <https://github.com/viaduct-ai/kustomize-sops>
- **Upstream docs:** <https://github.com/viaduct-ai/kustomize-sops#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/viaduct-ai/kustomize-sops/archive/refs/tags/v4.5.1.tar.gz>
- **Last updated:** 2026-04-13T10:26:37Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- ksops (cli)
- ksops (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 4.5.1
- Package-manager updated: 2026-04-13
- Local data: ok
- Upstream repository: https://github.com/viaduct-ai/kustomize-sops
- Upstream latest detected: v4.5.1 (current)
## Project history and usage

KSOPS is a kustomize-SOPS plugin for decrypting SOPS-encrypted Kubernetes resources during kustomize builds. It sits in the GitOps secrets-management niche where teams want encrypted manifests in Git but plain Kubernetes objects at apply time.

### Project history

The README says Viaduct built KSOPS after finding no solution compatible with its Kubernetes GitOps stack for managing secrets. The project connects kustomize to SOPS and documents integration with Argo CD so encrypted manifests can be managed like other Kubernetes manifests.

### Adoption history

KSOPS is aimed at teams already using kustomize, SOPS, and GitOps workflows rather than at general secret storage. Its adoption footprint is therefore narrow but practical: it is packaged as a Homebrew formula and documented as an installable CLI-style kustomize plugin.

### How it is used

Typical use is to define SOPS creation rules in .sops.yaml, add a KSOPS generator to kustomization.yaml, and run kustomize with plugin support so encrypted Secrets or ConfigMaps are decrypted during the build.

### Why package nerds care

KSOPS is interesting to package people because it packages a kustomize exec plugin as a normal command-line artifact, bridging Kubernetes configuration tooling, Git-stored encrypted files, and local package-manager installation.

### Timeline

- v1.0: The repository has a public v1.0 tag for the early KSOPS release line.
- v2.x: Later tags track the second major release line of the kustomize-SOPS plugin.
- v3.x: The repository tags include a third major release line for the plugin.

### Related projects

- Related projects include kustomize, SOPS, Argo CD, Kubernetes Secrets, and GitOps workflows.

### Sources

- <https://github.com/viaduct-ai/kustomize-sops>
- <https://github.com/viaduct-ai/kustomize-sops/releases>
- <https://github.com/viaduct-ai/kustomize-sops/tags>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: .sops.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** ksops
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [kubeseal](https://www.automicvault.com/pkg/brew/kubeseal/) - Shares av.db curated category or tags: cli, kubernetes, secrets, security.
- [doppler](https://www.automicvault.com/pkg/brew/doppler/) - Shares av.db curated category or tags: cli, secrets, secrets-management, security.
- [fnox](https://www.automicvault.com/pkg/brew/fnox/) - Shares av.db curated category or tags: cli, secrets, secrets-management, security.
- [gator](https://www.automicvault.com/pkg/brew/gator/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [git-secret](https://www.automicvault.com/pkg/brew/git-secret/) - Shares av.db curated category or tags: cli, secrets, secrets-management, security.
- [kube-bench](https://www.automicvault.com/pkg/brew/kube-bench/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [kubehound](https://www.automicvault.com/pkg/brew/kubehound/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [kubescape](https://www.automicvault.com/pkg/brew/kubescape/) - Shares av.db curated category or tags: cli, kubernetes, security.
- [ripsecrets](https://www.automicvault.com/pkg/brew/ripsecrets/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, management, secrets, secrets-management, security.
- [shush](https://www.automicvault.com/pkg/brew/shush/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, management, secrets, secrets-management, security.

## Combined YAML source

View the package source record on GitHub. [combined/ksops.yml](https://github.com/automic-vault/db/blob/main/combined/ksops.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
