{ "info": { "author": "Julien Vehent", "author_email": "jvehent@mozilla.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "License :: OSI Approved :: Mozilla Public License 2.0 (MPL 2.0)", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "SOPS: Secrets OPerationS\n========================\n\n.. image:: http://unmaintained.tech/badge.svg\n :target: http://unmaintained.tech/\n :alt: No Maintenance Intended\n\nThis is the Python version of SOPS that is no longer maintained. We fix the occasional bug, but all improvements happen in the Go version of SOPS, over in the Master branch. You have been warned!\n\n**sop** is an editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP (via GnuPG). Watch `the demo `_.\n\n.. image:: http://i.imgur.com/IL6dlhm.gif\n\n.. image:: https://travis-ci.org/mozilla/sops.svg?branch=master\n\t:target: https://travis-ci.org/mozilla/sops\n\n**Questions?** ping \"ulfr\" in `#security` on `irc.mozilla.org `_\n(use a web client like `mibbit `_ ).\n\n.. sectnum::\n.. contents:: Table of Contents\n\nInstallation\n------------\n\n* RHEL family::\n\n\tsudo yum install gcc git libffi-devel libyaml-devel make openssl openssl-devel python-devel python-pip\n\tsudo pip install --upgrade sops\n\n* Debian family::\n\n\tsudo apt-get install gcc git libffi-dev libssl-dev libyaml-dev make openssl python-dev python-pip\n\tsudo pip install --upgrade sops\n\n* MacOS Brew Install::\n\n\tbrew install sops\n\n* MacOS Manual Install::\n\n\tbrew install libffi libyaml python [1]\n\tpip install sops\n\n1. http://docs.python-guide.org/en/latest/starting/install/osx/#doing-it-right\n\nIn a virtualenv\n~~~~~~~~~~~~~~~\n\nAssuming you already have libffi and libyaml installed, the following commands will install sops in a virtualenv:\n\n.. code:: bash\n\n $ sudo pip install virtualenv --upgrade\n $ virtualenv ~/sopsvenv\n $ source ~/sopsvenv/bin/activate\n $ pip install -U sops\n $ sops -v\n sops 1.9\n\nTest with the dev PGP key\n~~~~~~~~~~~~~~~~~~~~~~~~~\nClone the repository, load the test PGP key and open the test files::\n\n\t$ git clone https://github.com/mozilla/sops.git\n\t$ cd sops\n\t$ gpg --import tests/sops_functional_tests_key.asc\n\t$ sops example.yaml\n\nThis last step will decrypt `example.yaml` using the test private key. To create\nyour own secrets files using keys under your control, keep reading.\n\nUsage\n-----\n\nIf you're using AWS KMS, create one or multiple master keys in the IAM console\nand export them, comma separated, in the **SOPS_KMS_ARN** env variable. It is\nrecommended to use at least two master keys in different regions.\n\n.. code:: bash\n\n\texport SOPS_KMS_ARN=\"arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e,arn:aws:kms:ap-southeast-1:656532927350:key/9006a8aa-0fa6-4c14-930e-a2dfb916de1d\"\n\nYour AWS credentials must be present in `~/.aws/credentials`. sops uses boto3.\n\n.. code::\n\n\t$ cat ~/.aws/credentials\n\t[default]\n\taws_access_key_id = AKI.....\n\taws_secret_access_key = mw......\n\nIf you want to use PGP, export the fingerprints of the public keys, comma\nseparated, in the **SOPS_PGP_FP** env variable.\n\n.. code:: bash\n\n\texport SOPS_PGP_FP=\"85D77543B3D624B63CEA9E6DBC17301B491B3F21,E60892BB9BD89A69F759A1A0A3D652173B763E8F\"\n\nNote: you can use both PGP and KMS simultaneously.\n\nThen simply call `sops` with a file path as argument. It will handle the\nencryption/decryption transparently and open the cleartext file in an editor\n\n.. code:: bash\n\n\t$ sops mynewtestfile.yaml\n\tmynewtestfile.yaml doesn't exist, creating it.\n\tplease wait while an encryption key is being generated and stored in a secure fashion\n\tfile written to mynewtestfile.yaml\n\n.\nEditing will happen in whatever $EDITOR is set to, or, if it's not set, in vim.\nKeep in mind that sops will wait for the editor to exit, and then try to reencrypt\nthe file. Some GUI editors (atom, sublime) spawn a child process and then exit\nimmediately. They usually have an option to wait for the main editor window to be\nclosed before exiting. See [#127](https://github.com/mozilla/sops/issues/127) for\nmore information.\n\nThe resulting encrypted file looks like this:\n\n.. code:: yaml\n\n myapp1: ENC[AES256_GCM,data:Tr7o=,iv:1=,aad:No=,tag:k=]\n app2:\n db:\n user: ENC[AES256_GCM,data:CwE4O1s=,iv:2k=,aad:o=,tag:w==]\n password: ENC[AES256_GCM,data:p673w==,iv:YY=,aad:UQ=,tag:A=]\n # private key for secret operations in app2\n key: |-\n ENC[AES256_GCM,data:Ea3kL5O5U8=,iv:DM=,aad:FKA=,tag:EA==]\n an_array:\n - ENC[AES256_GCM,data:v8jQ=,iv:HBE=,aad:21c=,tag:gA==]\n - ENC[AES256_GCM,data:X10=,iv:o8=,aad:CQ=,tag:Hw==]\n - ENC[AES256_GCM,data:KN=,iv:160=,aad:fI4=,tag:tNw==]\n sops:\n kms:\n - created_at: 1441570389.775376\n enc: CiC....Pm1Hm\n arn: arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e\n - created_at: 1441570391.925734\n enc: Ci...awNx\n arn: arn:aws:kms:ap-southeast-1:656532927350:key/9006a8aa-0fa6-4c14-930e-a2dfb916de1d\n pgp:\n - fp: 85D77543B3D624B63CEA9E6DBC17301B491B3F21\n created_at: 1441570391.930042\n enc: |\n -----BEGIN PGP MESSAGE-----\n hQIMA0t4uZHfl9qgAQ//UvGAwGePyHuf2/zayWcloGaDs0MzI+zw6CmXvMRNPUsA\n\t\t\t\t...=oJgS\n -----END PGP MESSAGE-----\n\nA copy of the encryption/decryption key is stored securely in each KMS and PGP\nblock. As long as one of the KMS or PGP method is still usable, you will be able\nto access your data.\n\nTo decrypt a file in a `cat` fashion, use the `-d` flag:\n\n.. code:: bash\n\n\t$ sops -d mynewtestfile.yaml\n\n`sops` encrypted files contain the necessary information to decrypt their content.\nAll a user of `sops` needs is valid AWS credentials and the necessary\npermissions on KMS keys.\n\nGiven that, the only command a `sops` user needs is:\n\n.. code:: bash\n\n\t$ sops \n\n`` will be opened, decrypted, passed to a text editor (vim by default),\nencrypted if modified, and saved back to its original location. All of these\nsteps, apart from the actual editing, are transparent to the user.\n\nAdding and removing keys\n~~~~~~~~~~~~~~~~~~~~~~~~\n\nWhen creating new files, `sops` uses the PGP and KMS defined in the command\nline arguments `--kms` and `--pgp`, or from the environment variables\n`SOPS_KMS_ARN` and `SOPS_PGP_FP`. That information is stored in the file under\nthe `sops` section, such that decrypting files does not require providing those\nparameters again.\n\nMaster PGP and KMS keys can be added and removed from a `sops` file in one of\ntwo ways: by using command line flag, or by editing the file directly.\n\nCommand line flag `--add-kms`, `--add-pgp`, `--rm-kms` and `--rm-pgp` can be\nused to add and remove keys from a file. These flags use the comma separated\nsyntax as the `--kms` and `--pgp` arguments when creating new files.\n\n.. code:: bash\n\n\t# add a new pgp key to the file and rotate the data key\n\t$ sops -r --add-pgp 85D77543B3D624B63CEA9E6DBC17301B491B3F21 example.yaml\n\n\t# remove a pgp key from the file and rotate the data key\n\t$ sops -r --rm-pgp 85D77543B3D624B63CEA9E6DBC17301B491B3F21 example.yaml\n\nAlternatively, invoking `sops` with the flag **-s** will display the master keys\nwhile editing. This method can be used to add or remove kms or pgp keys under the\nsops section.\n\nFor example, to add a KMS master key to a file, add the following entry while\nediting:\n\n.. code:: yaml\n\n\tsops:\n\t kms:\n\t - arn: arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e\n\nAnd, similarly, to add a PGP master key, we add its fingerprint:\n\n.. code:: yaml\n\n\tsops:\n\t pgp:\n\t - fp: 85D77543B3D624B63CEA9E6DBC17301B491B3F21\n\nWhen the file is saved, `sops` will update its metadata and encrypt the data key\nwith the freshly added master keys. The removed entries are simply deleted from\nthe file.\n\nWhen removing keys, it is recommended to rotate the data key using `-r`,\notherwise owners of the removed key may have add access to the data key in the\npast.\n\nAssuming roles and using KMS in various AWS accounts\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSOPS has the ability to use KMS in multiple AWS accounts by assuming roles in\neach account. Being able to assume roles is a nice feature of AWS that allows\nadministrators to establish trust relationships between accounts, typically from\nthe most secure account to the least secure one. In our use-case, we use roles\nto indicate that a user of the Master AWS account is allowed to make use of KMS\nmaster keys in development and staging AWS accounts. Using roles, a single file\ncan be encrypted with KMS keys in multiple accounts, thus increasing reliability\nand ease of use.\n\nYou can use keys in various accounts by tying each KMS master key to a role that\nthe user is allowed to assume in each account. The `IAM roles\n`_\ndocumentation has full details on how this needs to be configured on AWS's side.\n\nFrom the point of view of `sops`, you only need to specify the role a KMS key\nmust assume alongside its ARN, as follows:\n\n.. code:: yaml\n\n\tsops:\n\t kms:\n\t -\tarn: arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e\n\t role: arn:aws:iam::927034868273:role/sops-dev-xyz\n\nThe role must have permission to call Encrypt and Decrypt using KMS. An example\npolicy is shown below.\n\n.. code:: json\n\n\t{\n\t \"Sid\": \"Allow use of the key\",\n\t \"Effect\": \"Allow\",\n\t \"Action\": [\n\t\t\"kms:Encrypt\",\n\t\t\"kms:Decrypt\",\n\t\t\"kms:ReEncrypt*\",\n\t\t\"kms:GenerateDataKey*\",\n\t\t\"kms:DescribeKey\"\n\t ],\n\t \"Resource\": \"*\",\n\t \"Principal\": {\n\t\t\"AWS\": [\n\t\t \"arn:aws:iam::927034868273:role/sops-dev-xyz\"\n\t\t]\n\t }\n\t}\n\nYou can specify a role in the `--kms` flag and `SOPS_KMS_ARN` variable by\nappending it to the ARN of the master key, separated by a **+** sign::\n\n\t+\n\tarn:aws:kms:us-west-2:927034868273:key/fe86dd69-4132-404c-ab86-4269956b4500+arn:aws:iam::927034868273:role/sops-dev-xyz\n\nAWS KMS Encryption Context\n~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSOPS has the ability to use AWS KMS key policy and encryption context\n\nto refine the access control of a given KMS master key.\n\nWhen creating a new file, you can specify encryption context in the\n`--encryption-context` flag by comma separated list of key-value pairs:\n\nWhen creating a new file, you can specify encryption context in the\n`--encryption-context` flag by comma separated list of key-value pairs:\n\n.. code:: bash\n\n\t$ sops --encryption-context Environment:production,Role:web-server test.dev.yaml\n\nThe format of the Encrypt Context string is `:,:,...`\n\nThe encryption context will be stored in the file metadata and does\nnot need to be provided at decryption.\n\nEncryption contexts can be used in conjunction with KMS Key Policies to define\nroles that can only access a given context. An example policy is shown below:\n\n.. code:: json\n\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/RoleForExampleApp\"\n },\n \"Action\": \"kms:Decrypt\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"StringEquals\": {\n \"kms:EncryptionContext:AppName\": \"ExampleApp\",\n \"kms:EncryptionContext:FilePath\": \"/var/opt/secrets/\"\n }\n }\n }\n\nKey Rotation\n~~~~~~~~~~~~\n\nIt is recommended to renew the data key on a regular basis. `sops` supports key\nrotation via the `-r` flag. Invoking it on an existing file causes sops to\nreencrypt the file with a new data key, which is then encrypted with the various\nKMS and PGP master keys defined in the file.\n\n.. code:: bash\n\n\tsops -r example.yaml\n\nUsing .sops.yaml conf to select KMS/PGP for new files\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nIt is often tedious to specify the `--kms` and `--pgp` parameters for creation\nof all new files. If your secrets are stored under a specific directory, like a\n`git` repository, you can create a `.sops.yaml` configuration file at the root\ndirectory to define which keys are used for which filename.\n\nLet's take an example:\n\n* file named **something.dev.yaml** should use one set of KMS A\n* file named **something.prod.yaml** should use another set of KMS B\n* other files use a third set of KMS C\n* all live under **mysecretrepo/something.{dev,prod}.yaml**\n\nUnder those circumstances, a file placed at **mysecretrepo/.sops.yaml**\ncan manage the three sets of configurations for the three types of files:\n\n.. code:: yaml\n\n\t# creation rules are evaluated sequentially, the first match wins\n\tcreation_rules:\n\t\t# upon creation of a file that matches the pattern *.dev.yaml,\n\t\t# KMS set A is used\n\t\t- filename_regex: \\.dev\\.yaml$\n\t\t kms: 'arn:aws:kms:us-west-2:927034868273:key/fe86dd69-4132-404c-ab86-4269956b4500,arn:aws:kms:us-west-2:361527076523:key/5052f06a-5d3f-489e-b86c-57201e06f31e+arn:aws:iam::361527076523:role/hiera-sops-prod'\n\t\t pgp: '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'\n\n\t\t# prod files use KMS set B in the PROD IAM\n\t\t- filename_regex: \\.prod\\.yaml$\n\t\t kms: 'arn:aws:kms:us-west-2:361527076523:key/5052f06a-5d3f-489e-b86c-57201e06f31e+arn:aws:iam::361527076523:role/hiera-sops-prod,arn:aws:kms:eu-central-1:361527076523:key/cb1fab90-8d17-42a1-a9d8-334968904f94+arn:aws:iam::361527076523:role/hiera-sops-prod'\n\t\t pgp: '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'\n\n\t\t# Finally, if the rules above have not matched, this one is a\n\t\t# catchall that will encrypt the file using KMS set C\n\t\t# The absence of a filename_regex means it will match everything\n\t\t- kms: 'arn:aws:kms:us-west-2:927034868273:key/fe86dd69-4132-404c-ab86-4269956b4500,arn:aws:kms:us-west-2:142069644989:key/846cfb17-373d-49b9-8baf-f36b04512e47,arn:aws:kms:us-west-2:361527076523:key/5052f06a-5d3f-489e-b86c-57201e06f31e'\n\t\t pgp: '1022470DE3F0BC54BC6AB62DE05550BC07FB1A0A'\n\nWhen creating any file under **mysecretrepo**, whether at the root or under\na subdirectory, sops will recursively look for a `.sops.yaml` file. If one is\nfound, the filename of the file being created is compared with the filename\nregexes of the configuration file. The first regex that matches is selected,\nand its KMS and PGP keys are used to encrypt the file.\n\nCreating a new file with the right keys is now as simple as\n\n.. code:: bash\n\n\t$ sops .prod.yaml\n\nNote that the configuration file is ignored when KMS or PGP parameters are\npassed on the sops command line or in environment variables.\n\nSpecify a different GPG executable\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n`sops` checks for the `SOPS_GPG_EXEC` environment variable. If specified, \nit will attempt to use the executable set there instead of the default \nof `gpg`.\n\nExample: place the following in your `~/.bashrc`\n\n.. code:: bash\n\n\tSOPS_GPG_EXEC = 'your_gpg_client_wrapper'\n\t\nImportant information on types\n------------------------------\n\nYAML and JSON type extensions\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n`sops` uses the file extension to decide which encryption method to use on the file\ncontent. `YAML` and `JSON` files are treated as trees of data, and key/values are\nextracted from the files to only encrypt the leaf values. The tree structure is also\nused to check the integrity of the file.\n\nTherefore, if a file is encrypted using a specific format, it need to be decrypted\nin the same format. The easiest way to achieve this is to conserve the original file\nextension after encrypting a file. For example::\n\n\t$ sops -e -i myfile.json\n\n\t$ sops -d myfile.json\n\nIf you want to change the extension of the file once encrypted, you need to provide\nsops with the `--input-type` flag upon decryption. For example::\n\n\t$ sops -e myfile.json > myfile.json.enc\n\n\t$ sops -d --input-type json myfile.json.enc\n\nYAML anchors\n~~~~~~~~~~~~\n`sops` only supports a subset of `YAML`'s many types. Encrypting YAML files that\ncontain strings, numbers and booleans will work fine, but files that contain anchors\nwill not work, because the anchors redefine the structure of the file at load time.\n\nThis file will not work in `sops`:\n\n.. code:: yaml\n\n\tbill-to: &id001\n\t street: |\n\t 123 Tornado Alley\n\t Suite 16\n\t city: East Centerville\n\t state: KS\n\n\tship-to: *id001\n\n`sops` uses the path to a value as additional data in the AEAD encryption, and thus\ndynamic paths generated by anchors break the authentication step.\n\nJSON and TEXT file types do not support anchors and thus have no such limitation.\n\nTop-level arrays\n~~~~~~~~~~~~~~~~\n`YAML` and `JSON` top-level arrays are not supported, because `sops` needs a top-level\n`sops` key to store its metadata.\nThis file will not work in sops:\n\n.. code:: yaml\n\n\t---\n\t - some\n\t - array\n\t - elements\n\nBut this one will because because the `sops` key can be added at the same level as the\n`data` key.\n\n.. code:: yaml\n\n\tdata:\n\t - some\n\t - array\n\t - elements\n\nSimilarly, with `JSON` arrays, this document will not work:\n\n.. code:: json\n\n\t[\n\t \"some\",\n\t \"array\",\n\t \"elements\"\n\t]\n\n\nBut this one will work just fine:\n\n.. code:: json\n\n\t{\n\t \"data\": [\n\t \"some\",\n\t \"array\",\n\t \"elements\"\n\t ]\n\t}\n\n\nExamples\n--------\n\nTake a look into the `examples `_ folder for detailed use cases of sops in a CI environment. The section below describes specific tips for common use cases.\n\nCreating a new file\n~~~~~~~~~~~~~~~~~~~\n\nThe command below creates a new file with a data key encrypted by KMS and PGP.\n\n.. code:: bash\n\n\t$ sops --kms \"arn:aws:kms:us-west-2:927034868273:key/fe86dd69-4132-404c-ab86-4269956b4500\" --pgp C9CAB0AF1165060DB58D6D6B2653B624D620786D /path/to/new/file.yaml\n\nEncrypting an existing file\n~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSimilar to the previous command, we tell sops to use one KMS and one PGP key.\nThe path points to an existing cleartext file, so we give sops flag `-e` to\nencrypt the file, and redirect the output to a destination file.\n\n.. code:: bash\n\n\t$ export SOPS_KMS_ARN=\"arn:aws:kms:us-west-2:927034868273:key/fe86dd69-4132-404c-ab86-4269956b4500\"\n\t$ export SOPS_PGP_FP=\"C9CAB0AF1165060DB58D6D6B2653B624D620786D\"\n\t$ sops -e /path/to/existing/file.yaml > /path/to/new/encrypted/file.yaml\n\nDecrypt the file with `-d`.\n\n.. code:: bash\n\n\t$ sops -d /path/to/new/encrypted/file.yaml\n\nEncrypt or decrypt a file in place\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nRather than redirecting the output of `-e` or `-d`, sops can replace the\noriginal file after encrypting or decrypting it.\n\n.. code:: bash\n\n\t# file.yaml is in cleartext\n\t$ sops -e -i /path/to/existing/file.yaml\n\t# file.yaml is now encrypted\n\t$ sops -d -i /path/to/existing/file.yaml\n\t# file.yaml is back in cleartext\n\nEncrypting binary files\n~~~~~~~~~~~~~~~~~~~~~~~\n\n`sops` primary use case is encrypting YAML and JSON configuration files, but it\nalso has the ability to manage binary files. When encrypting a binary, sops will\nread the data as bytes, encrypt it, store the encrypted base64 under\n`tree['data']` and write the result as JSON.\n\nNote that the base64 encoding of encrypted data can actually make the encrypted\nfile larger than the cleartext one.\n\nIn-place encryption/decryption also works on binary files.\n\n.. code::\n\n\t$ dd if=/dev/urandom of=/tmp/somerandom bs=1024\n\tcount=512\n\t512+0 records in\n\t512+0 records out\n\t524288 bytes (524 kB) copied, 0.0466158 s, 11.2 MB/s\n\n\t$ sha512sum /tmp/somerandom\n\t9589bb20280e9d381f7a192000498c994e921b3cdb11d2ef5a986578dc2239a340b25ef30691bac72bdb14028270828dad7e8bd31e274af9828c40d216e60cbe /tmp/somerandom\n\n\t$ sops -e -i /tmp/somerandom\n\tplease wait while a data encryption key is being generated and stored securely\n\n\t$ sops -d -i /tmp/somerandom\n\n\t$ sha512sum /tmp/somerandom\n\t9589bb20280e9d381f7a192000498c994e921b3cdb11d2ef5a986578dc2239a340b25ef30691bac72bdb14028270828dad7e8bd31e274af9828c40d216e60cbe /tmp/somerandom\n\nExtract a sub-part of a document tree\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n`sops` can extract a specific part of a YAML or JSON document, by provided the\npath in the `--extract` command line flag. This is useful to extract specific\nvalues, like keys, without needing an extra parser.\n\n.. code:: bash\n\n\t$ sops -d ~/git/svc/sops/example.yaml --extract '[\"app2\"][\"key\"]'\n\t-----BEGIN RSA PRIVATE KEY-----\n\tMIIBPAIBAAJBAPTMNIyHuZtpLYc7VsHQtwOkWYobkUblmHWRmbXzlAX6K8tMf3Wf\n\tImcbNkqAKnELzFAPSBeEMhrBN0PyOC9lYlMCAwEAAQJBALXD4sjuBn1E7Y9aGiMz\n\tbJEBuZJ4wbhYxomVoQKfaCu+kH80uLFZKoSz85/ySauWE8LgZcMLIBoiXNhDKfQL\n\tvHECIQD6tCG9NMFWor69kgbX8vK5Y+QL+kRq+9HK6yZ9a+hsLQIhAPn4Ie6HGTjw\n\tfHSTXWZpGSan7NwTkIu4U5q2SlLjcZh/AiEA78NYRRBwGwAYNUqzutGBqyXKUl4u\n\tErb0xAEyVV7e8J0CIQC8VBY8f8yg+Y7Kxbw4zDYGyb3KkXL10YorpeuZR4LuQQIg\n\tbKGPkMM4w5blyE1tqGN0T7sJwEx+EUOgacRNqM2ljVA=\n\t-----END RSA PRIVATE KEY-----\n\nThe tree path syntax uses regular python dictionary syntax, without the\nvariable name. Extract keys by naming them, and array elements by numbering\nthem.\n\n.. code:: bash\n\n\t$ sops -d ~/git/svc/sops/example.yaml --extract '[\"an_array\"][1]'\n\tsecretuser2\n\nSet a sub-part in a document tree\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n`sops` can set a specific part of a YAML or JSON document, by providing\nthe path and value in the `--set` command line flag. This is useful to\nset specific values, like keys, without needing an editor.\n\n.. code:: bash\n\n\t$ sops ~/git/svc/sops/example.yaml --set '[\"app2\"][\"key\"]' '\"app2keystringvalue\"'\n\nThe tree path syntax uses regular python dictionary syntax, without the\nvariable name. Set to keys by naming them, and array elements by\nnumbering them.\n\n.. code:: bash\n\n\t$ sops ~/git/svc/sops/example.yaml --set '[\"an_array\"][1]' '\"secretuser2\"'\n\nThe value must be formatted as json.\n\n.. code:: bash\n\n\t$ sops ~/git/svc/sops/example.yaml --set '[\"an_array\"][1]' '{\"uid1\":null,\"uid2\":1000,\"uid3\":[\"bob\"]}'\n\nUsing sops as a library in a python script\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nYou can import sops as a module and use it in your python program.\n\n.. code:: python\n\n\timport sops\n\n\tpathtype = sops.detect_filetype(path)\n\ttree = sops.load_file_into_tree(path, pathtype)\n\tsops_key, tree = sops.get_key(tree)\n\ttree = sops.walk_and_decrypt(tree, sops_key)\n\tsops.write_file(tree, path=path, filetype=pathtype)\n\nShowing diffs in cleartext in git\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nYou most likely want to store encrypted files in a version controlled repository.\nSops can be used with git to decrypt files when showing diffs between versions.\nThis is very handy for reviewing changes or visualizing history.\n\nTo configure sops to decrypt files during diff, create a `.gitattributes` file\nat the root of your repository that contains a filter and a command.\n\n... code::\n\n\t*.yaml diff=sopsdiffer\n\nHere we only care about YAML files. `sopsdiffer` is an arbitrary name that we map\nto a sops command in the git configuration file of the repository.\n\n.. code:: bash\n\n\t$ git config diff.sopsdiffer.textconv \"sops -d\"\n\n\t$ grep -A 1 sopsdiffer .git/config\n\t[diff \"sopsdiffer\"]\n\t\ttextconv = \"sops -d\"\n\nWith this in place, calls to `git diff` will decrypt both previous and current\nversions of the target file prior to displaying the diff. And it even works with\ngit client interfaces, because they call git diff under the hood!\n\nEncrypting only parts of a file\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nNote: this only works on YAML and JSON files, not on BINARY files.\n\nBy default, `sops` encrypts all the values of a YAML or JSON file and leaves the\nkeys in cleartext. In some instances, you may want to exclude some values from\nbeing encrypted. This can be accomplished by adding the suffix **_unencrypted**\nto any key of a file. When set, all values underneath the key that set the\n**_unencrypted** prefix will be left in cleartext.\n\nNote that, while in cleartext, unencrypted content is still added to the\nchecksum of the file, and thus cannot be modified outside of sops without\nbreaking the file integrity check.\n\nThe unencrypted suffix can be set to a different value using the\n`--unencrypted-suffix` option.\n\nEncryption Protocol\n-------------------\n\nWhen sops creates a file, it generates a random 256 bit data key and asks each\nKMS and PGP master key to encrypt the data key. The encrypted version of the data\nkey is stored in the `sops` metadata under `sops.kms` and `sops.pgp`.\n\nFor KMS:\n\n.. code:: yaml\n\n sops:\n kms:\n - enc: CiC6yCOtzsnFhkfdIslYZ0bAf//gYLYCmIu87B3sy/5yYxKnAQEBAQB4usgjrc7JxYZH3SLJWGdGwH//4GC2ApiLvOwd7Mv+cmMAAAB+MHwGCSqGSIb3DQEHBqBvMG0CAQAwaAYJKoZIhvcNAQcBMB4GCWCGSAFlAwQBLjARBAyGdRODuYMHbA8Ozj8CARCAO7opMolPJUmBXd39Zlp0L2H9fzMKidHm1vvaF6nNFq0ClRY7FlIZmTm4JfnOebPseffiXFn9tG8cq7oi\n enc_ts: 1439568549.245995\n arn: arn:aws:kms:us-east-1:656532927350:key/920aff2e-c5f1-4040-943a-047fa387b27e\n\nFor PGP:\n\n.. code:: yaml\n\n sops:\n pgp:\n - fp: 85D77543B3D624B63CEA9E6DBC17301B491B3F21\n created_at: 1441570391.930042\n enc: |\n -----BEGIN PGP MESSAGE-----\n Version: GnuPG v1\n\n hQIMA0t4uZHfl9qgAQ//UvGAwGePyHuf2/zayWcloGaDs0MzI+zw6CmXvMRNPUsA\n pAgRKczJmDu4+XzN+cxX5Iq9xEWIbny9B5rOjwTXT3qcUYZ4Gkzbq4MWkjuPp/Iv\n qO4MJaYzoH5YxC4YORQ2LvzhA2YGsCzYnljmatGEUNg01yJ6r5mwFwDxl4Nc80Cn\n RwnHuGExK8j1jYJZu/juK1qRbuBOAuruIPPWVdFB845PA7waacG1IdUW3ZtBkOy3\n O0BIfG2ekRg0Nik6sTOhDUA+l2bewCcECI8FYCEjwHm9Sg5cxmP2V5m1mby+uKAm\n kewaoOyjbmV1Mh3iI1b/AQMr+/6ZE9MT2KnsoWosYamFyjxV5r1ZZM7cWKnOT+tu\n KOvGhTV1TeOfVpajNTNwtV/Oyh3mMLQ0F0HgCTqomQVqw5+sj7OWAASuD3CU/dyo\n pcmY5Qe0TNL1JsMNEH8LJDqSh+E0hsUxdY1ouVsg3ysf6mdM8ciWb3WRGxih1Vmf\n unfLy8Ly3V7ZIC8EHV8aLJqh32jIZV4i2zXIoO4ZBKrudKcECY1C2+zb/TziVAL8\n qyPe47q8gi1rIyEv5uirLZjgpP+JkDUgoMnzlX334FZ9pWtQMYW4Y67urAI4xUq6\n /q1zBAeHoeeeQK+YKDB7Ak/Y22YsiqQbNp2n4CKSKAE4erZLWVtDvSp+49SWmS/S\n XgGi+13MaXIp0ecPKyNTBjF+NOw/I3muyKr8EbDHrd2XgIT06QXqjYLsCb1TZ0zm\n xgXsOTY3b+ONQ2zjhcovanDp7/k77B+gFitLYKg4BLZsl7gJB12T8MQnpfSmRT4=\n =oJgS\n -----END PGP MESSAGE-----\n\nsops then opens a text editor on the newly created file. The user adds data to the\nfile and saves it when done.\n\nUpon save, sops browses the entire file as a key/value tree. Every time sops\nencounters a leaf value (a value that does not have children), it encrypts the\nvalue with AES256_GCM using the data key and a 256 bit random initialization\nvector.\n\nEach file uses a single data key to encrypt all values of a document, but each\nvalue receives a unique initialization vector and has unique authentication data.\n\nAdditional data is used to guarantee the integrity of the encrypted data\nand of the tree structure: when encrypting the tree, key names are concatenated\ninto a byte string that is used as AEAD additional data (aad) when encrypting\nvalues. We expect that keys do not carry sensitive information, and\nkeeping them in cleartext allows for better diff and overall readability.\n\nAny valid KMS or PGP master key can later decrypt the data key and access the\ndata.\n\nMultiple master keys allow for sharing encrypted files without sharing master\nkeys, and provide a disaster recovery solution. The recommended way to use sops\nis to have two KMS master keys in different regions and one PGP public key with\nthe private key stored offline. If, by any chance, both KMS master keys are\nlost, you can always recover the encrypted data using the PGP private key.\n\nMessage Authentication Code\n~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nIn addition to authenticating branches of the tree using keys as additional\ndata, sops computes a MAC on all the values to ensure that no value has been\nadded or removed fraudulently. The MAC is stored encrypted with AES_GCM and\nthe data key under tree->`sops`->`mac`.\n\nMotivation\n----------\n\nAutomating the distribution of secrets and credentials to components of an\ninfrastructure is a hard problem. We know how to encrypt secrets and share them\nbetween humans, but extending that trust to systems is difficult. Particularly\nwhen these systems follow devops principles and are created and destroyed\nwithout human intervention. The issue boils down to establishing the initial\ntrust of a system that just joined the infrastructure, and providing it access\nto the secrets it needs to configure itself.\n\nThe initial trust\n~~~~~~~~~~~~~~~~~\n\nIn many infrastructures, even highly dynamic ones, the initial trust is\nestablished by a human. An example is seen in Puppet by the way certificates are\nissued: when a new system attempts to join a Puppetmaster, an administrator\nmust, by default, manually approve the issuance of the certificate the system\nneeds. This is cumbersome, and many puppetmasters are configured to auto-sign\nnew certificates to work around that issue. This is obviously not recommended\nand far from ideal.\n\nAWS provides a more flexible approach to trusting new systems. It uses a\npowerful mechanism of roles and identities. In AWS, it is possible to verify\nthat a new system has been granted a specific role at creation, and it is\npossible to map that role to specific resources. Instead of trusting new systems\ndirectly, the administrator trusts the AWS permission model and its automation\ninfrastructure. As long as AWS keys are safe, and the AWS API is secure, we can\nassume that trust is maintained and systems are who they say they are.\n\nKMS, Trust and secrets distribution\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nUsing the AWS trust model, we can create fine grained access controls to\nAmazon's Key Management Service (KMS). KMS is a service that encrypts and\ndecrypts data with AES_GCM, using keys that are never visible to users of the\nservice. Each KMS master key has a set of role-based access controls, and\nindividual roles are permitted to encrypt or decrypt using the master key. KMS\nhelps solve the problem of distributing keys, by shifting it into an access\ncontrol problem that can be solved using AWS's trust model.\n\nOperational requirements\n~~~~~~~~~~~~~~~~~~~~~~~~\n\nWhen Mozilla's Services Operations team started revisiting the issue of\ndistributing secrets to EC2 instances, we set a goal to store these secrets\nencrypted until the very last moment, when they need to be decrypted on target\nsystems. Not unlike many other organizations that operate sufficiently complex\nautomation, we found this to be a hard problem with a number of prerequisites:\n\n1. Secrets must be stored in YAML files for easy integration into hiera\n\n2. Secrets must be stored in GIT, and when a new CloudFormation stack is\n built, the current HEAD is pinned to the stack. (This allows secrets to\n be changed in GIT without impacting the current stack that may\n autoscale).\n\n3. Entries must be encrypted separately. Encrypting entire files as blobs makes\n git conflict resolution almost impossible. Encrypting each entry\n separately is much easier to manage.\n\n4. Secrets must always be encrypted on disk (admin laptop, upstream\n git repo, jenkins and S3) and only be decrypted on the target\n systems\n\nSOPS can be used to encrypt YAML, JSON and BINARY files. In BINARY mode, the\ncontent of the file is treated as a blob, the same way PGP would encrypt an\nentire file. In YAML and JSON modes, however, the content of the file is\nmanipulated as a tree where keys are stored in cleartext, and values are\nencrypted. hiera-eyaml does something similar, and over the years we learned\nto appreciate its benefits, namely:\n\n* diffs are meaningful. If a single value of a file is modified, only that\n value will show up in the diff. The diff is still limited to only showing\n encrypted data, but that information is already more granular that\n indicating that an entire file has changed.\n\n* conflicts are easier to resolve. If multiple users are working on the\n same encrypted files, as long as they don't modify the same values,\n changes are easy to merge. This is an improvement over the PGP\n encryption approach where unsolvable conflicts often happen when\n multiple users work on the same file.\n\nOpenPGP integration\n~~~~~~~~~~~~~~~~~~~\n\nOpenPGP gets a lot of bad press for being an outdated crypto protocol, and while\ntrue, what really made us look for alternatives is the difficulty of managing and\ndistributing keys to systems. With KMS, we manage permissions to an API, not keys,\nand that's a lot easier to do.\n\nBut PGP is not dead yet, and we still rely on it heavily as a backup solution:\nall our files are encrypted with KMS and with one PGP public key, with its\nprivate key stored securely for emergency decryption in the event that we lose\nall our KMS master keys.\n\nSOPS can be used without KMS entirely, the same way you would use an encrypted\nPGP file: by referencing the pubkeys of each individual who has access to the file.\nIt can easily be done by providing sops with a comma-separated list of public keys\nwhen creating a new file:\n\n.. code:: bash\n\n\t$ sops --pgp \"E60892BB9BD89A69F759A1A0A3D652173B763E8F,84050F1D61AF7C230A12217687DF65059EF093D3,85D77543B3D624B63CEA9E6DBC17301B491B3F21\" mynewfile.yaml\n\nThreat Model\n------------\n\nThe security of the data stored using sops is as strong as the weakest\ncryptographic mechanism. Values are encrypted using AES256_GCM which is the\nstrongest symetric encryption algorithm known today. Data keys are encrypted\nin either KMS, which also uses AES256_GCM, or PGP which uses either RSA or\nECDSA keys.\n\nGoing from the most likely to the least likely, the threats are as follows:\n\nCompromised AWS credentials grant access to KMS master key\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nAn attacker with access to an AWS console can grant itself access to one of\nthe KMS master keys used to encrypt a sops data key. This threat should be\nmitigated by protecting AWS accesses with strong controls, such as multi-factor\nauthentication, and also by performing regular audits of permissions granted\nto AWS users.\n\nCompromised PGP key\n~~~~~~~~~~~~~~~~~~~\n\nPGP keys are routinely mishandled, either because owners copy them from\nmachine to machine, or because the key is left forgotten on an unused machine\nan attacker gains access to. When using PGP encryption, sops users should take\nspecial care of PGP private keys, and store them on smart cards or offline\nas often as possible.\n\nFactorized RSA key\n~~~~~~~~~~~~~~~~~~\n\nsops doesn't apply any restriction on the size or type of PGP keys. A weak PGP\nkeys, for example 512 bits RSA, could be factorized by an attacker to gain\naccess to the private key and decrypt the data key. Users of sops should rely\non strong keys, such as 2048+ bits RSA keys, or 256+ bits ECDSA keys.\n\nWeak AES cryptography\n~~~~~~~~~~~~~~~~~~~~~\n\nA vulnerability in AES256_GCM could potentially leak the data key or the KMS\nmaster key used by a sops encrypted file. While no such vulnerability exists\ntoday, we recommend that users keep their encrypted files reasonably private.\n\nBackward compatibility\n----------------------\n\n`sops` will remain backward compatible on the major version, meaning that all\nimprovements brought to the 1.X branch (current) will maintain the file format\nintroduced in **1.0**.\n\nLicense\n-------\nMozilla Public License Version 2.0\n\nAuthors\n-------\n* Julien Vehent (lead & maintainer)\n\n* Daniel Thornton \n* Alexis Metaireau \n* R\u00e9my Hubscher \n* Todd Wolfson \n* Brian Hourigan \n\nCredits\n-------\n\n`sops` is inspired by `hiera-eyaml `_,\n`credstash `_ ,\n`sneaker `_,\n`password store `_ and too many years managing\nPGP encrypted files by hand...\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/mozilla/sops", "keywords": "mozilla secret credential encryption aws kms", "license": "MPL", "maintainer": "", "maintainer_email": "", "name": "sops", "package_url": "https://pypi.org/project/sops/", "platform": "", "project_url": "https://pypi.org/project/sops/", "project_urls": { "Homepage": "https://github.com/mozilla/sops" }, "release_url": "https://pypi.org/project/sops/1.18/", "requires_dist": null, "requires_python": "", "summary": "Secrets OPerationS (sops) is an editor of encrypted files", "version": "1.18" }, "last_serial": 4536747, "releases": { "0.2": [ { "comment_text": "", "digests": { "md5": "42f9272de8443b9d9a325bafeeeec9ab", "sha256": "3d7aa67acb77b51f78378f5ef5e74bec871df5c090202f67dd5707a6a69854e8" }, "downloads": -1, "filename": "sops-0.2.tar.gz", "has_sig": true, "md5_digest": "42f9272de8443b9d9a325bafeeeec9ab", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 17011, "upload_time": "2015-09-07T01:50:57", "url": "https://files.pythonhosted.org/packages/1c/43/6dc119fff6a50c1c87af4b693071a16db0076385859e3852111c7dc4a9d7/sops-0.2.tar.gz" } ], "0.3": [ { "comment_text": "", "digests": { "md5": "1bd816a84972826a3dbfd11547926cfa", "sha256": "7ed3b4d550b158cc1d513a86f0d6a479e138bd05c68c70d056577fade9226ce7" }, "downloads": -1, "filename": "sops-0.3.tar.gz", "has_sig": true, "md5_digest": "1bd816a84972826a3dbfd11547926cfa", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19160, "upload_time": "2015-09-15T21:31:59", "url": "https://files.pythonhosted.org/packages/6a/cb/a39a367bb43162fe1552eac42a79011b75effc26d86c186fbe4b5176cfdb/sops-0.3.tar.gz" } ], "0.4": [ { "comment_text": "", "digests": { "md5": "e8279319e9380516307a9bc961507381", "sha256": "6635464b686cef0166e3cb1d8dd1774fa3ea6955680b94999e8482bfd75d2162" }, "downloads": -1, "filename": "sops-0.4.tar.gz", "has_sig": true, "md5_digest": "e8279319e9380516307a9bc961507381", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19182, "upload_time": "2015-09-16T18:07:21", "url": "https://files.pythonhosted.org/packages/44/23/dd9041f20f388031d22ef8cb0cf68e557cdd528973e74ed28229e50a5c3b/sops-0.4.tar.gz" } ], "0.5": [ { "comment_text": "", "digests": { "md5": "5efb5b7d93630c19ff858f9d8126b012", "sha256": "78d15bac3e3d0e826e66eba94fe7ea117c164cd1a1503d6c427d5eeaebe0fc0b" }, "downloads": -1, "filename": "sops-0.5.tar.gz", "has_sig": true, "md5_digest": "5efb5b7d93630c19ff858f9d8126b012", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18444, "upload_time": "2015-09-25T16:21:31", "url": "https://files.pythonhosted.org/packages/bb/d8/746b39143e4d5f8a8e2d1ee67f0441948c8a6201429c3ad34e5b52a29631/sops-0.5.tar.gz" } ], "0.5.1": [ { "comment_text": "", "digests": { "md5": "c831769afc69952afa2f75e4989c03c8", "sha256": "04b94abf725dacddec3e7d43a41acfe147acd32e4b01f341236a96d840b00d47" }, "downloads": -1, "filename": "sops-0.5.1.tar.gz", "has_sig": true, "md5_digest": "c831769afc69952afa2f75e4989c03c8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19063, "upload_time": "2015-09-25T18:33:46", "url": "https://files.pythonhosted.org/packages/41/fb/9839ccca8c7885dd62af56cb78ddf74a9d7d6313bc4e0a69021c1cdfb7b9/sops-0.5.1.tar.gz" } ], "0.5.2": [ { "comment_text": "", "digests": { "md5": "4cf6b44972ddd4b9306cee84986e2c88", "sha256": "7570a9ae4901cd74e86d39d5284409e1fcd6315de10e4f4752ab4189e2a056a6" }, "downloads": -1, "filename": "sops-0.5.2.tar.gz", "has_sig": true, "md5_digest": "4cf6b44972ddd4b9306cee84986e2c88", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 19163, "upload_time": "2015-09-25T19:49:04", "url": "https://files.pythonhosted.org/packages/ab/21/b9f466e5f6812915b87c2069ac9387170bea545ac92bed4544516674619c/sops-0.5.2.tar.gz" } ], "0.5.3": [ { "comment_text": "", "digests": { "md5": "8c806770bd4fd952c88fb44ac28bf26a", "sha256": "169e8661fe33894a4122d0a233a0398d42ca86bdad5df02c33b34e7b9115ff0d" }, "downloads": -1, "filename": "sops-0.5.3.tar.gz", "has_sig": true, "md5_digest": "8c806770bd4fd952c88fb44ac28bf26a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 18273, "upload_time": "2015-09-27T13:04:21", "url": "https://files.pythonhosted.org/packages/7b/59/d751c1232ba7a3ac5fddeb1b52fc3f7a39268222db5129add2101534ff6b/sops-0.5.3.tar.gz" } ], "0.6": [ { "comment_text": "", "digests": { "md5": "b330d69393421ce7efc54910f2126967", "sha256": "7cb11746c78023193f3c024ef9d01bd0f2f37d2a1acfe35888bbda5cf4027f50" }, "downloads": -1, "filename": "sops-0.6.tar.gz", "has_sig": true, "md5_digest": "b330d69393421ce7efc54910f2126967", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20212, "upload_time": "2015-09-30T19:46:53", "url": "https://files.pythonhosted.org/packages/d0/f8/3f5e35d7c1a3154df79d191ff68ce894db5b9030082b18c98e730f960982/sops-0.6.tar.gz" } ], "0.6.1": [ { "comment_text": "", "digests": { "md5": "db70d32cfeef559ae7bd95696164e133", "sha256": "0f43795f7d0a2d14250d928fe0cdec0d051ef218e933227059105a631550e93e" }, "downloads": -1, "filename": "sops-0.6.1.tar.gz", "has_sig": true, "md5_digest": "db70d32cfeef559ae7bd95696164e133", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20232, "upload_time": "2015-09-30T22:14:30", "url": "https://files.pythonhosted.org/packages/ca/a7/52803b1712634e0aaa681218b5bee24a57ca0f99aadb96474e71217f6a4a/sops-0.6.1.tar.gz" } ], "0.6.2": [ { "comment_text": "", "digests": { "md5": "e0df21f3c3c7ba40ceb3c19483bddd6c", "sha256": "3ad96ed4bd56040f7674c79452a9dd34de6ce0981dac234b5591fc3f74e88ef4" }, "downloads": -1, "filename": "sops-0.6.2.tar.gz", "has_sig": true, "md5_digest": "e0df21f3c3c7ba40ceb3c19483bddd6c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22936, "upload_time": "2015-10-01T13:32:59", "url": "https://files.pythonhosted.org/packages/ef/b3/2df9b5c67065f5774ff6f67318b20a957687f65a453990c7e077adbafe45/sops-0.6.2.tar.gz" } ], "0.7": [ { "comment_text": "", "digests": { "md5": "70735e77e68454d90012a540e01739a7", "sha256": "31b1c845e7af56b1a79aa858665204a3067aed8d692ab0067594dabfce3416a7" }, "downloads": -1, "filename": "sops-0.7.tar.gz", "has_sig": true, "md5_digest": "70735e77e68454d90012a540e01739a7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23570, "upload_time": "2015-10-05T15:47:37", "url": "https://files.pythonhosted.org/packages/7b/81/e81761a95f52c034dbbdd4dab204e24758d226bf00a3a06a33f6afbb0757/sops-0.7.tar.gz" } ], "0.8": [ { "comment_text": "", "digests": { "md5": "6379f68824138f77524ddf81b98d2817", "sha256": "c2a2bd5eb6c82f233dc119de63a8def4b901836812d3fcb92958306a0709a2cd" }, "downloads": -1, "filename": "sops-0.8.tar.gz", "has_sig": true, "md5_digest": "6379f68824138f77524ddf81b98d2817", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 25318, "upload_time": "2015-10-08T20:38:52", "url": "https://files.pythonhosted.org/packages/a3/45/a30afd03f9436bfa88f22fa28f4eca561354bd7087ea13362df44d6d1c03/sops-0.8.tar.gz" } ], "0.8.1": [ { "comment_text": "", "digests": { "md5": "ac7eaaf4ce109dcdc7b2fc11166a316d", "sha256": "86305433fb04f07934e6617a88bf9580205cc09715d2711cf3aacaa1e9eff5ce" }, "downloads": -1, "filename": "sops-0.8.1.tar.gz", "has_sig": true, "md5_digest": "ac7eaaf4ce109dcdc7b2fc11166a316d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 25546, "upload_time": "2015-10-09T13:47:47", "url": "https://files.pythonhosted.org/packages/db/f5/3c5167df97508c24208af372cadf8d005f9db096811edc9077235f4ce15f/sops-0.8.1.tar.gz" } ], "0.8.2": [ { "comment_text": "", "digests": { "md5": "e7ae81b4fec8d39a6d8300642272c20d", "sha256": "5e2c3aa374d4af36c1a60ae75d8b310e918d350605fcb5197819fb4e7d79ffd4" }, "downloads": -1, "filename": "sops-0.8.2.tar.gz", "has_sig": true, "md5_digest": "e7ae81b4fec8d39a6d8300642272c20d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 25529, "upload_time": "2015-10-11T12:32:54", "url": "https://files.pythonhosted.org/packages/c9/8a/d879a7d945375f2de34f3c3047de4a4cae23683ba453be6c398c27d4d407/sops-0.8.2.tar.gz" } ], "0.8.3": [ { "comment_text": "", "digests": { "md5": "71e57c5c484fb0550a067e75753505c7", "sha256": "b559c624ee846171b290842cde38d334e63e605824d2d293cbb53b318c07d046" }, "downloads": -1, "filename": "sops-0.8.3.tar.gz", "has_sig": true, "md5_digest": "71e57c5c484fb0550a067e75753505c7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 25579, "upload_time": "2015-10-11T13:11:31", "url": "https://files.pythonhosted.org/packages/dd/57/fc202ea604989d2c65872a5a4755efcde25502d9dfce9ed5cc094e07c744/sops-0.8.3.tar.gz" } ], "0.9": [ { "comment_text": "", "digests": { "md5": "3062fa3fd86b6cb9ed9dd5928f62527a", "sha256": "28fff6730df6a7a6518aec323495a7ef189bec91e8e6e40c2aaee79e250e1311" }, "downloads": -1, "filename": "sops-0.9.tar.gz", "has_sig": true, "md5_digest": "3062fa3fd86b6cb9ed9dd5928f62527a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 35119, "upload_time": "2015-10-28T19:32:15", "url": "https://files.pythonhosted.org/packages/79/9c/eb14027a011de640e2585e2bda7789b62da966534c071d87446001dc99aa/sops-0.9.tar.gz" } ], "1.0": [ { "comment_text": "", "digests": { "md5": "d01c90fa1e02d75ce233bee6a1842aa0", "sha256": "b248019216ff82fb1da57387cf6b7f0eaffaf5b2428a20335c1dd49442445563" }, "downloads": -1, "filename": "sops-1.0.tar.gz", "has_sig": true, "md5_digest": "d01c90fa1e02d75ce233bee6a1842aa0", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 43365, "upload_time": "2015-11-28T13:19:29", "url": "https://files.pythonhosted.org/packages/7f/4e/04e1020e1dffd7bc8aa4e70cf5e0a84f3031efd6bf8124a0025e0ce7fa06/sops-1.0.tar.gz" } ], "1.1": [ { "comment_text": "", "digests": { "md5": "c681eec8af0dda7e2755b853ac0ad73d", "sha256": "704c0fe773ec5bded4d56667e9dd8a808db525812e524c36e8b3fe7e8024039c" }, "downloads": -1, "filename": "sops-1.1.tar.gz", "has_sig": true, "md5_digest": "c681eec8af0dda7e2755b853ac0ad73d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 43629, "upload_time": "2015-11-30T14:28:26", "url": "https://files.pythonhosted.org/packages/14/b6/99cfcdaa55030ff8c1907455e75606fc294230dfd563bc852b2a5b83bb1c/sops-1.1.tar.gz" } ], "1.10": [ { "comment_text": "", "digests": { "md5": "a35e28e719df040128f5f8feabad6c51", "sha256": "65cf3c4777d389a0f812887e70bbfc36dc6bf3dbb16c18c086ca0b8b63523dfa" }, "downloads": -1, "filename": "sops-1.10.tar.gz", "has_sig": true, "md5_digest": "a35e28e719df040128f5f8feabad6c51", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 55383, "upload_time": "2016-03-30T15:03:16", "url": "https://files.pythonhosted.org/packages/24/06/93a63af53dee16c319048d6b0fd0b60d784d456900997c055103b07824a7/sops-1.10.tar.gz" } ], "1.11": [ { "comment_text": "", "digests": { "md5": "493b6bb478e8147fc279281a77a1eb82", "sha256": "e55c7143d91028a968a25e73b2b914e2b7b4bf776b9e9f9ba4ae72081fe3dc9a" }, "downloads": -1, "filename": "sops-1.11.tar.gz", "has_sig": true, "md5_digest": "493b6bb478e8147fc279281a77a1eb82", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 55553, "upload_time": "2016-04-15T21:19:33", "url": "https://files.pythonhosted.org/packages/12/c5/5d0b85524b2bc21909c146e9a90ea2b0b0a3ebdae8c275d4607f0c413179/sops-1.11.tar.gz" } ], "1.12": [ { "comment_text": "", "digests": { "md5": "60d270f92773caa99fa1b4eae0a10794", "sha256": "6f477b07769694b0f5ba273dbed0a82286deb48400c6c449f984f28bbef5d3f6" }, "downloads": -1, "filename": "sops-1.12.tar.gz", "has_sig": true, "md5_digest": "60d270f92773caa99fa1b4eae0a10794", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 55950, "upload_time": "2016-04-26T14:12:52", "url": "https://files.pythonhosted.org/packages/52/7a/5e28550084c9722e656bd044ddd066dab53093a3e7220016d07a0a283b04/sops-1.12.tar.gz" } ], "1.13": [ { "comment_text": "", "digests": { "md5": "9c2bfd675ba91220c555ea7ba2de46dd", "sha256": "aeb0213c27d033755acf894fb2c57138843e5d571d0895c708060f7b9fa5adff" }, "downloads": -1, "filename": "sops-1.13.tar.gz", "has_sig": true, "md5_digest": "9c2bfd675ba91220c555ea7ba2de46dd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 56216, "upload_time": "2016-05-13T18:01:38", "url": "https://files.pythonhosted.org/packages/51/f5/f529436dff6af2322288ee753d2b44b443eaf082194275036b1b39b63c8c/sops-1.13.tar.gz" } ], "1.14": [ { "comment_text": "", "digests": { "md5": "9143750378f1ce9ed00d8337d9bd4423", "sha256": "3af953198e54c9564b74f35c937ec230365a74c3659c720e083422103e064a9e" }, "downloads": -1, "filename": "sops-1.14.tar.gz", "has_sig": true, "md5_digest": "9143750378f1ce9ed00d8337d9bd4423", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 58597, "upload_time": "2016-09-08T14:44:07", "url": "https://files.pythonhosted.org/packages/73/78/efb0e0cc6715ccbfdbd82e802c0f394bd8794d159b0998d5d60b4250b702/sops-1.14.tar.gz" } ], "1.15": [ { "comment_text": "", "digests": { "md5": "b4cacc2f81966ac4163a052a99afe279", "sha256": "45fc8f55fc0c600dc51a9bbb3b615a32af201f34bfc7806c98c707ef7a2bad1d" }, "downloads": -1, "filename": "sops-1.15.tar.gz", "has_sig": true, "md5_digest": "b4cacc2f81966ac4163a052a99afe279", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 59098, "upload_time": "2016-11-03T01:05:07", "url": "https://files.pythonhosted.org/packages/a9/b3/45763c92831314e4c820208ed908d59205adf25f4a7f4f5d7bee86e860a9/sops-1.15.tar.gz" } ], "1.16": [ { "comment_text": "", "digests": { "md5": "4d1c44395038408b596f05344dc643f2", "sha256": "13d8198f8dd12064600189a0c2f16aa45345622d5b8ca14b880aebf018bad6b5" }, "downloads": -1, "filename": "sops-1.16.tar.gz", "has_sig": true, "md5_digest": "4d1c44395038408b596f05344dc643f2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 59206, "upload_time": "2017-01-09T14:14:59", "url": "https://files.pythonhosted.org/packages/b0/fa/61b0562f20d26488c6e64cf6cd704a1af8caf4d8bea34ec3953f47eff7f8/sops-1.16.tar.gz" } ], "1.17": [ { "comment_text": "", "digests": { "md5": "b00e4026869fcd6b2c7e2aeb5d583d9d", "sha256": "5b69ac95cb360d0b9a6191e40204f75400cd1c1fe89f0dd2067193bff13f346a" }, "downloads": -1, "filename": "sops-1.17.tar.gz", "has_sig": true, "md5_digest": "b00e4026869fcd6b2c7e2aeb5d583d9d", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 59537, "upload_time": "2018-04-19T21:39:22", "url": "https://files.pythonhosted.org/packages/4a/5e/03dd512bdc0c9a2aec9135bb55cbfdee7f727bff6c945f835bf88c3d771f/sops-1.17.tar.gz" } ], "1.18": [ { "comment_text": "", "digests": { "md5": "9f217e78f0f114d38ee8265bbff4724f", "sha256": "0107cc0c39839799b7fec0f2c80acbf938e52fdcddd3775743c6666265a9e0fd" }, "downloads": -1, "filename": "sops-1.18.tar.gz", "has_sig": true, "md5_digest": "9f217e78f0f114d38ee8265bbff4724f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 59921, "upload_time": "2018-11-28T03:04:43", "url": "https://files.pythonhosted.org/packages/c7/43/c4f1db33a40cf2f960df2a2b7f07149244808ff74badb2d2c3b556ef11a0/sops-1.18.tar.gz" } ], "1.2": [ { "comment_text": "", "digests": { "md5": "c0ec7ae478e46840ecdbc0aaa0b44734", "sha256": "4dd478ccbfffa0ee2d0b1c4f03c4943bf343c41a1e5fbb13db442cc932a355dc" }, "downloads": -1, "filename": "sops-1.2.tar.gz", "has_sig": true, "md5_digest": "c0ec7ae478e46840ecdbc0aaa0b44734", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 43669, "upload_time": "2015-12-10T20:58:48", "url": "https://files.pythonhosted.org/packages/19/e0/4d8666a77c304ed8e2a576f9d4182f59533d77d0fdfe9ed75f5be50c54dd/sops-1.2.tar.gz" } ], "1.3": [ { "comment_text": "", "digests": { "md5": "65e6049da72972a784870601d19aa02b", "sha256": "fb86bdd4e71f3faaf8f409135cf90f51550b512d721d8d987c33fe727128c542" }, "downloads": -1, "filename": "sops-1.3.tar.gz", "has_sig": true, "md5_digest": "65e6049da72972a784870601d19aa02b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 43753, "upload_time": "2016-01-06T00:25:51", "url": "https://files.pythonhosted.org/packages/51/b4/8b652e36322b26957f7c828f70e410cc468f7d2c79909fd6a57c85285e89/sops-1.3.tar.gz" } ], "1.4": [ { "comment_text": "", "digests": { "md5": "b1b7e489ed47346ef21db6d260914bf2", "sha256": "ab83a0b4e9922fcc75e4cfddc02a909db29db1c00e4e767d54a77b7c41d0471e" }, "downloads": -1, "filename": "sops-1.4.tar.gz", "has_sig": true, "md5_digest": "b1b7e489ed47346ef21db6d260914bf2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 44886, "upload_time": "2016-02-02T22:21:09", "url": "https://files.pythonhosted.org/packages/d8/26/79dc5d0c5162e7d16fad23c5f1d96c8c0c3cb34db09bf872131944aa914b/sops-1.4.tar.gz" } ], "1.5": [ { "comment_text": "", "digests": { "md5": "991492844a1a26061247a9a8499d6081", "sha256": "552a948403cb968e2db0ee4e7027644b7afd1b7c8a6ce3309100a1a3f0e08c53" }, "downloads": -1, "filename": "sops-1.5.tar.gz", "has_sig": true, "md5_digest": "991492844a1a26061247a9a8499d6081", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 48167, "upload_time": "2016-02-03T17:47:15", "url": "https://files.pythonhosted.org/packages/e8/af/264a8eee8730fa417b936adc449926cb94389a4cfd3cbd77fe3fc41853ce/sops-1.5.tar.gz" } ], "1.6": [ { "comment_text": "", "digests": { "md5": "ca66aa6588371fb207fbee8d4d95981e", "sha256": "8962f97e035651768c5541970bc5228b09d9e2441dc786b643b14688e2b86f3b" }, "downloads": -1, "filename": "sops-1.6.tar.gz", "has_sig": true, "md5_digest": "ca66aa6588371fb207fbee8d4d95981e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 48189, "upload_time": "2016-02-03T18:55:56", "url": "https://files.pythonhosted.org/packages/d2/63/a7c1f78075a3dde81b961a3c92488d4b34e2314d7060cc89ade1aad50bf4/sops-1.6.tar.gz" } ], "1.7": [ { "comment_text": "", "digests": { "md5": "9b0b633f164ee63b2a0e138c1528bcdd", "sha256": "c30602633b379ecfc933f070d2f85da661d948868c7be0617ee79344a9f23352" }, "downloads": -1, "filename": "sops-1.7.tar.gz", "has_sig": true, "md5_digest": "9b0b633f164ee63b2a0e138c1528bcdd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 51514, "upload_time": "2016-02-24T20:13:50", "url": "https://files.pythonhosted.org/packages/6d/a4/547f4f060ecc5d9a0b74ac35d53bcc2879808bc41c20010029f10d3059c9/sops-1.7.tar.gz" } ], "1.8": [ { "comment_text": "", "digests": { "md5": "f3723d693be3ccb3a600c257b791e52e", "sha256": "c338a31a86660fcd6b76260d55de1c197f2a93048275f9441bdbab2fe93b1b40" }, "downloads": -1, "filename": "sops-1.8.tar.gz", "has_sig": true, "md5_digest": "f3723d693be3ccb3a600c257b791e52e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 51774, "upload_time": "2016-03-16T23:54:13", "url": "https://files.pythonhosted.org/packages/89/df/1dd47f712fef1966096523034a88cf7ede4be95e8d301155630bb5ac8f4f/sops-1.8.tar.gz" } ], "1.9": [ { "comment_text": "", "digests": { "md5": "edcbe0f81b0d552e7d68b5825214366c", "sha256": "53375813c147f60a0fc3250da62e0fb0d593828aa6f1676b15468c0ebb6a9cb1" }, "downloads": -1, "filename": "sops-1.9.tar.gz", "has_sig": true, "md5_digest": "edcbe0f81b0d552e7d68b5825214366c", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 51817, "upload_time": "2016-03-24T21:57:48", "url": "https://files.pythonhosted.org/packages/11/a2/ed7b0a768d243ea3db3f6e91a144ae987c2e998215171b510c2bb2ae12c4/sops-1.9.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "9f217e78f0f114d38ee8265bbff4724f", "sha256": "0107cc0c39839799b7fec0f2c80acbf938e52fdcddd3775743c6666265a9e0fd" }, "downloads": -1, "filename": "sops-1.18.tar.gz", "has_sig": true, "md5_digest": "9f217e78f0f114d38ee8265bbff4724f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 59921, "upload_time": "2018-11-28T03:04:43", "url": "https://files.pythonhosted.org/packages/c7/43/c4f1db33a40cf2f960df2a2b7f07149244808ff74badb2d2c3b556ef11a0/sops-1.18.tar.gz" } ] }