# Install sops with Homebrew, apk, chocolatey, MacPorts, Nix, pacman, scoop, winget, zypper

Editor of encrypted files. Version 3.13.2 via Homebrew; verified 2026-06-30.

## Install

```sh
sudo av install brew:sops
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install sops
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install sops
```

  Evidence: MacPorts ports tree: security/sops/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add sops
```

  Evidence: Alpine Linux edge package indexes: sops from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

- Nix (92%):

```sh
nix profile install nixpkgs#sops
```

  Evidence: nixpkgs package indexes: pkgs/by-name/so/sops/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S sops
```

  Evidence: Arch Linux sync databases: sops from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install sops
```

  Evidence: openSUSE Tumbleweed package metadata: sops from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

### Windows

- Chocolatey (92%):

```sh
choco install sops
```

  Evidence: Chocolatey community package catalog: sops from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','sonarscanner-msbuild-net46'

- Scoop (92%):

```sh
scoop install main/sops
```

  Evidence: Scoop official bucket manifest trees: bucket/sops.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

- winget (92%):

```sh
winget install --id Mozilla.SOPS -e
```

  Evidence: Windows Package Manager source index: Mozilla.SOPS from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:sops
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/sops>
- **Version:** 3.13.2
- **Source summary:** Editor of encrypted files
- **Homepage:** <https://getsops.io/>
- **Repository:** <https://github.com/getsops/sops>
- **Upstream docs:** <https://getsops.io/docs>
- **License:** MPL-2.0
- **Source archive:** <https://github.com/getsops/sops/archive/refs/tags/v3.13.2.tar.gz>
- **Last updated:** 2026-06-30T08:40:31Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- sops (cli)
- sops (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.13.2
- Package-manager updated: 2026-06-30
- Local data: ok
- Upstream repository: https://github.com/getsops/sops
- Upstream latest detected: v3.13.2 (current)
## Project history and usage

SOPS, Secrets OPerationS, is a command-line editor for encrypted files. It is widely used to keep YAML, JSON, ENV, INI, and binary files encrypted while integrating with key systems such as AWS KMS, GCP KMS, Azure Key Vault, age, and PGP.

### Project history

The official README and docs say SOPS was initially launched at Mozilla in 2015 by Adrian Utrilla and Julien Vehent. The project later moved under the `getsops` organization and was donated to the Cloud Native Computing Foundation as a Sandbox project in 2023.

SOPS grew out of operational pain around hand-managed PGP-encrypted files. Its official credits name hiera-eyaml, credstash, sneaker, password-store, and years of manual PGP management as inspirations.

### Adoption history

SOPS became a standard secrets-management CLI in infrastructure repositories because it encrypts values in structured files while leaving enough metadata for automated decryption by CI, deployment tools, and operators with the right identities.

The package-manager metadata in this batch shows broad adoption across Homebrew, Alpine, Chocolatey, MacPorts, Nix, Arch, Scoop, winget, and openSUSE. That cross-platform packaging reflects how often SOPS is used both on developer laptops and in automation.

### How it is used

A typical SOPS workflow is to create or edit an encrypted file with `sops`, commit the encrypted file, and decrypt or publish it only where the configured KMS, age, PGP, Vault/OpenBao, or cloud identity allows access.

Projects commonly keep `.sops.yaml` at a repository root to define `creation_rules` for new files. The official docs say SOPS recursively looks for `.sops.yaml` and that other names require an explicit `--config` option.

### Why package nerds care

SOPS is package-nerd significant because it solved a painful operational gap with a small CLI instead of a central secrets service: encrypted structured files could live in Git and still be edited safely.

Its package spread also shows the modern DevOps pattern of one portable binary becoming shared workflow glue across macOS laptops, Linux CI runners, Windows machines, and Kubernetes-oriented tooling.

### Timeline

- 2015: SOPS launched as a Mozilla project.
- 2023: SOPS donated to CNCF as a Sandbox project.
- 2026: SOPS v3.13.2 released on GitHub.

### Related projects

- hiera-eyaml, credstash, sneaker, and password-store are named by the SOPS project as inspirations.
- age, PGP, AWS KMS, GCP KMS, Azure Key Vault, HashiCorp Vault, OpenBao, and other KMS integrations are central to SOPS usage.
- Kubernetes secret workflows and GitOps repositories are common operational contexts for SOPS, even though SOPS itself remains a standalone CLI.

### Sources

- <https://api.github.com/repos/getsops/sops>
- <https://api.github.com/repos/getsops/sops/releases>
- <https://getsops.io/docs/>
- <https://getsops.io/docs/usage/identities/config-file/>
- <https://github.com/getsops/sops>
- input.json source_facts.package-manager


## Security Notes

No matching local secret-handling manifest was found for sops. Nucleus package metadata is still published here so future coverage has a stable package URL.



## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: .sops.yaml
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** sops
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - sops: normalized package name match | nixpkgs package indexes: pkgs/by-name/so/sops/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- apk - sops - 3.12.2-r1: normalized package name match | Alpine Linux edge package indexes: sops from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz | Simple and flexible tool for managing secrets | https://github.com/getsops/sops
- pacman - sops - 3.13.1-1: normalized package name match | Arch Linux sync databases: sops from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats | https://github.com/getsops/sops
- zypper - sops - 3.13.1-1.1: normalized package name match | openSUSE Tumbleweed package metadata: sops from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Simple and flexible tool for managing secrets | https://github.com/getsops/sops
- MacPorts - sops: normalized package name match | MacPorts ports tree: security/sops/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Chocolatey - sops: normalized package name match | Chocolatey community package catalog: sops from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','sonarscanner-msbuild-net46'
- Scoop - main/sops: normalized package name match | Scoop official bucket manifest trees: bucket/sops.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
- winget - Mozilla.SOPS: normalized package name match | Windows Package Manager source index: Mozilla.SOPS from https://cdn.winget.microsoft.com/cache/source.msix
- winget - SecretsOPerationS.SOPS: normalized package name match | Windows Package Manager source index: SecretsOPerationS.SOPS from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [openbao](https://www.automicvault.com/pkg/brew/openbao/) - Shares av.db curated category or tags: cli, encryption, secrets-management, security.
- [chamber](https://www.automicvault.com/pkg/brew/chamber/) - Shares av.db curated category or tags: cli, secrets-management, security.
- [credstash](https://www.automicvault.com/pkg/brew/credstash/) - Shares av.db curated category or tags: cli, secrets-management, security.
- [fnox](https://www.automicvault.com/pkg/brew/fnox/) - Shares av.db curated category or tags: cli, encryption, secrets-management, security.
- [git-secret](https://www.automicvault.com/pkg/brew/git-secret/) - Shares av.db curated category or tags: cli, encryption, secrets-management, security.
- [infisical](https://www.automicvault.com/pkg/brew/infisical/) - Shares av.db curated category or tags: cli, secrets-management, security.
- [secretspec](https://www.automicvault.com/pkg/brew/secretspec/) - Shares av.db curated category or tags: cli, secrets-management, security.
- [shush](https://www.automicvault.com/pkg/brew/shush/) - Shares av.db curated category or tags: cli, encryption, secrets-management, security.

## Combined YAML source

View the package source record on GitHub. [combined/sops.yml](https://github.com/automic-vault/db/blob/main/combined/sops.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
