`pre-commit-sops` is a pre-commit hook that detects SOPS secrets that are unencrypted or encrypted with the wrong key(s). `pre-commit-sops` uses your `.sops.yaml` file to match files to the correct keys.

`pre-commit-sops` is conservative by default and checks all files with `secret` anywhere in the path; that means all files with `secret` in their name or under a directory with `secret` in the name must be encrypted. This rule can be adjusted by modifying the values of the `files` or `exclude` keys in the hook's configuration.
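
The kind of check described above, written in Python as an added example (not the project's own code). It assumes JSON-format SOPS files with age recipients and a plain substring match on `secret`; `SOPS_CONFIG`, the recipient strings and the sample documents are constructed stand-ins for a parsed `.sops.yaml` and real files.

```python
import json
import re

# Constructed stand-in for a parsed .sops.yaml. SOPS applies the first
# creation rule whose path_regex matches; a rule without one matches all paths.
SOPS_CONFIG = {"creation_rules": [
    {"path_regex": r"prod/.*", "age": "age1prodPLACEHOLDER"},
    {"age": "age1devPLACEHOLDER"},
]}

def expected_recipients(path, config=SOPS_CONFIG):
    """Return the age recipients required by the first matching creation rule."""
    for rule in config["creation_rules"]:
        if re.search(rule.get("path_regex", ""), path):
            return {r.strip() for r in rule.get("age", "").split(",") if r.strip()}
    return set()

def check(path, text, config=SOPS_CONFIG):
    """Classify one file as 'skipped', 'unencrypted', 'wrong-key' or 'ok'."""
    if "secret" not in path:  # default rule: only paths containing "secret"
        return "skipped"
    try:
        meta = json.loads(text).get("sops")
    except (ValueError, AttributeError):  # not JSON, or not a JSON object
        return "unencrypted"
    if not isinstance(meta, dict) or "mac" not in meta:
        return "unencrypted"  # no SOPS metadata block, so the values are plaintext
    actual = {k.get("recipient") for k in meta.get("age") or []}
    return "ok" if actual == expected_recipients(path, config) else "wrong-key"

def sample(recipient):
    """Build a constructed SOPS-style JSON document for one age recipient."""
    return json.dumps({"password": "ENC[AES256_GCM,data:...,type:str]",
                       "sops": {"age": [{"recipient": recipient, "enc": "..."}],
                                "mac": "ENC[AES256_GCM,data:...,type:str]"}})

if __name__ == "__main__":
    cases = [("README.md", "hello"),
             ("dev/secret.json", '{"password": "hunter2"}'),
             ("prod/secret.json", sample("age1devPLACEHOLDER")),
             ("prod/secret.json", sample("age1prodPLACEHOLDER"))]
    for path, text in cases:
        print(f"{path}: {check(path, text)}")
```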

Add this to your `.pre-commit-config.yaml`:

```yaml
- repo: https://github.com/squat/pre-commit-sops
  rev: 0.1.0
  hooks:
    - id: sops
```