⚠️ DEPRECATED: This repository is no longer maintained. The sops plugin functionality is now built directly into Spacelift's native plugins feature. Customers can install and configure the sops plugin through the Spacelift UI or API instead of using this Terraform module.For current documentation on using the sops plugin, please refer to the Spacelift documentation.
This module adds the SOPS plugin to your Spacelift account.
It will decrypt an arbitrary number of files based on config you set.
- Spin up the module (see examples below)
- Add the
plugin_sopslabel to any stack that has access to your decryption keys. - The secrets you define in your
.sops.yamlwill automatically be decrypted with your configuredcreation_rules.
The .sops.yaml file is a configuration file that tells sops how to decrypt your files.
It is a YAML file that contains a list of creation_rules that define how to decrypt your files.
Read more on sops official repository: https://github.com/getsops/sops
In addition to the sops config, this plugin also uses the .sops.yaml file to determine which files to decrypt.
simply add a list of secrets to your .sops.yaml in your working directory and the plugin will decrypt them.
The following .sops.yaml example will decrypt a test_secret.yaml file using the defined kms key.
creation_rules:
- kms: arn:aws:kms:us-east-2:694182862388:key/6825a259-28df-43be-80f8-6122eb8a5903
secrets:
- test_secret.yamlmodule "plugin_sops" {
source = "spacelift.io/spacelift-solutions/plugin-sops/spacelift"
# Optional Variables
name = "plugin-sops"
space_id = "root"
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Name of the context | string |
"plugin_sops" |
no |
| space_id | ID of the space | string |
"root" |
no |