Ecosyste.ms: Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 0.8% on proxy.golang.org
Top 0.7% dependent packages on proxy.golang.org
Top 1.1% dependent repos on proxy.golang.org
Top 1.1% forks on proxy.golang.org
Top 0.8% docker downloads on proxy.golang.org

proxy.golang.org : go.mozilla.org/sops

Package sops manages JSON, YAML and BINARY documents to be encrypted or decrypted.

This package should not be used directly. Instead, Sops users should install the command line client via `go get -u go.mozilla.org/sops/cmd/sops`, or use the decryption helper provided at `go.mozilla.org/sops/decrypt`. We do not guarantee API stability for any package other than `go.mozilla.org/sops/decrypt`.

A Sops document is a Tree composed of a data branch with arbitrary key/value pairs and a metadata branch with encryption and integrity information.

In JSON and YAML formats, the structure of the cleartext tree is preserved: keys are stored in cleartext and only values are encrypted. Keeping the keys in cleartext provides better readability when storing Sops documents in version control, and allows for merging competing changes on documents. This is a major difference between Sops and other encryption tools that store documents as encrypted blobs.

In BINARY format, the cleartext data is treated as a single blob and the encrypted document is in JSON format with a single `data` key and a single encrypted value.

Sops allows operators to encrypt their documents with multiple master keys. Each of the master keys defined in the document is able to decrypt it, allowing users to share documents amongst themselves without sharing keys, or to use a PGP key as a backup for KMS.

In practice, this is achieved by generating a data key for each document that is used to encrypt all values, and encrypting the data key with each master key defined. Being able to decrypt the data key gives access to the document.

The integrity of each document is guaranteed by calculating a Message Authentication Code (MAC) that is stored encrypted by the data key. When decrypting a document, the MAC should be recalculated and compared with the MAC stored in the document to verify that no fraudulent changes have been applied. The MAC covers keys and values as well as their ordering.

purl: pkg:golang/go.mozilla.org/sops
Keywords: aws, azure, devops, gcp, pgp, secret-distribution, secret-management, security, sops
License: MPL-2.0
Latest release: 3 days ago
Namespace: go.mozilla.org
Dependent packages: 49
Dependent repositories: 27
Stars: 12,428 on GitHub
Forks: 720 on GitHub
Docker dependents: 9
Docker downloads: 36,180
See more repository details: repos.ecosyste.ms
Last synced: 3 days ago