Sops Age
@zocc/sops-agev2026.05.22.1
01README
SOPS + age vault for swamp: encrypt secrets at rest with AES-256-GCM via Mozilla SOPS and age. Zero network dependency — fully local, file-based. Works with existing SOPS workflows and zo.space secrets dashboards.
Setup
Generate an age keypair and SOPS-encrypted secrets file:
--input-type json --output-type json ~/.secrets/secrets.jsonCreate a vault instance:
--config '{"secretsFile":"/home/user/.secrets/secrets.json","ageKeyFile":"/home/user/.secrets/age.key","agePublicKey":"age1..."}'Usage
bash swamp vault list-keys my-secrets --json swamp vault read-secret my-secrets MY_SECRET --force swamp vault put my-secrets NEW_KEY=new_value
In workflows:
API_KEY: ${{ vault.get(my-secrets, OPENAI_API_KEY) }}Required Tools
sopsCLI (https://github.com/mozilla/sops) -ageCLI (https://github.com/FiloSottile/age)
02Vaults
SOPS + ageconfigurable
@zocc/sops-agesops_age/mod.ts
File-based secret vault encrypted with Mozilla SOPS and age. Secrets are stored as AES-256-GCM encrypted JSON on disk. Zero network dependency — fully local.
Config Fields
| Field | Type | Description |
|---|---|---|
| secretsFile | string | Path to the SOPS-encrypted JSON file containing secrets. |
| ageKeyFile | string | Path to the age private key file for decryption. |
| agePublicKey | string | age public key (recipient) for encryption. |
| sopsConfigFile? | string | Path to .sops.yaml (optional, overrides default config discovery). |
03Previous Versions
2026.05.21.2May 22, 2026
2026.05.21.1May 21, 2026
04Stats
A
100 / 100
Downloads
0
Archive size
9.7 KB
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types1/1earned
- Dependencies pass trust audit2/2earned
- Has description1/1earned
- Platform support declared (or universal)2/2earned
- License declared1/1earned
- Verified public repository2/2earned
05Platforms
06Labels