Automic VaultAutomic Vault

brew

Install sops with Homebrew, apk, chocolatey, MacPorts, Nix, pacman, scoop, winget, zypper

Editor of encrypted files. Version 3.13.2 via Homebrew; verified 2026-06-30.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install sops

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install sops

MacPorts ports tree · security/sops/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add sops

Alpine Linux edge package indexes · sops · source: dl-cdn.alpinelinux.org

Nixverified · 92%
nix profile install nixpkgs#sops

nixpkgs package indexes · pkgs/by-name/so/sops/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S sops

Arch Linux sync databases · sops · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install sops

openSUSE Tumbleweed package metadata · sops · source: download.opensuse.org

overview

Package summary

Editor of encrypted files

Commands and aliases

  • sops

history

Project history and usage

SOPS, Secrets OPerationS, is a command-line editor for encrypted files. It is widely used to keep YAML, JSON, ENV, INI, and binary files encrypted while integrating with key systems such as AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

Project history

The official README and docs say SOPS was initially launched at Mozilla in 2015 by Adrian Utrilla and Julien Vehent. The project later moved under the `getsops` organization and was donated to the Cloud Native Computing Foundation as a Sandbox project in 2023.

SOPS grew out of operational pain around hand-managed PGP-encrypted files. Its official credits name hiera-eyaml, credstash, sneaker, password-store, and years of manual PGP management as inspirations.

Adoption history

SOPS became a standard secrets-management CLI in infrastructure repositories because it encrypts values in structured files while leaving enough metadata for automated decryption by CI, deployment tools, and operators with the right identities.

The package-manager metadata in this batch shows broad adoption across Homebrew, Alpine, Chocolatey, MacPorts, Nix, Arch, Scoop, winget, and openSUSE. That cross-platform packaging reflects how often SOPS is used both on developer laptops and in automation.

How it is used

A typical SOPS workflow is to create or edit an encrypted file with `sops`, commit the encrypted file, and decrypt or publish it only where the configured KMS, age, PGP, Vault/OpenBao, or cloud identity allows access.

Projects commonly keep `.sops.yaml` at a repository root to define `creation_rules` for new files. The official docs say SOPS recursively looks for `.sops.yaml` and that other names require an explicit `--config` option.

Why package nerds care

SOPS is package-nerd significant because it solved a painful operational gap with a small CLI instead of a central secrets service: encrypted structured files could live in Git and still be edited safely.

Its package spread also shows the modern DevOps pattern of one portable binary becoming shared workflow glue across macOS laptops, Linux CI runners, Windows machines, and Kubernetes-oriented tooling.

Timeline

  • 2015: SOPS launched as a Mozilla project.
  • 2023: SOPS donated to CNCF as a Sandbox project.
  • 2026: SOPS v3.13.2 released on GitHub.

Related projects

  • hiera-eyaml, credstash, sneaker, and password-store are named by the SOPS project as inspirations.
  • age, PGP, AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault, OpenBao, and other KMS integrations are central to SOPS usage.
  • Kubernetes secret workflows and GitOps repositories are common operational contexts for SOPS, even though SOPS itself remains a standalone CLI.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for sops. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.sops.yaml

executables

Installed executables

CommandKindExposureNote
sopscliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version3.13.2
manager updated2026-06-30
local dataok
upstreamcurrent
latest detectedv3.13.2

https://github.com/getsops/sops

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:sops
Version3.13.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/sops
Homepagehttps://getsops.io/
Repositoryhttps://github.com/getsops/sops
Upstream docshttps://getsops.io/docs
LicenseMPL-2.0
Source archivehttps://github.com/getsops/sops/archive/refs/tags/v3.13.2.tar.gz
Last updated2026-06-30T08:40:31Z
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namesops
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

sops

nix profile install nixpkgs#sops
  • normalized package name match
  • Matched by: Sops
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/so/sops/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
apk95%

sops 3.12.2-r1

Simple and flexible tool for managing secrets

https://github.com/getsops/sops

sudo apk add sops
  • License: MPL-2.0
  • Architecture: x86_64
  • Source Package: sops
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Sops
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: sops from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
pacman95%

sops 3.13.1-1

Editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats

https://github.com/getsops/sops

sudo pacman -S sops
  • License: MPL-2.0
  • Architecture: x86_64
  • 1 dependencies
  • normalized package name match
  • Matched by: Sops
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: sops from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

sops 3.13.1-1.1

Simple and flexible tool for managing secrets

https://github.com/getsops/sops

sudo zypper install sops
  • License: MPL-2.0
  • Category: Productivity/Security
  • Architecture: x86_64
  • Source Package: sops
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Sops
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: sops from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

sops

sudo port install sops
  • normalized package name match
  • Matched by: Sops
MacPorts ports tree · api.github.com · MacPorts ports tree: security/sops/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

sops

choco install sops
  • normalized package name match
  • Matched by: Sops
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: sops from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','sonarscanner-msbuild-net46'
Scoop95%

main/sops

scoop install main/sops
  • normalized package name match
  • Matched by: Sops
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/sops.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

Mozilla.SOPS

winget install --id Mozilla.SOPS -e
  • normalized package name match
  • Matched by: Sops
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: Mozilla.SOPS from https://cdn.winget.microsoft.com/cache/source.msix
winget95%

SecretsOPerationS.SOPS

winget install --id SecretsOPerationS.SOPS -e
  • normalized package name match
  • Matched by: Sops
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: SecretsOPerationS.SOPS from https://cdn.winget.microsoft.com/cache/source.msix

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment