SOPS Virtual Filesystem
VS Code SOPS virtual filesystem extension.
Show Demo Video
- Transparent decryption and re-encryption of SOPS file.
- Mapping SOPS entries to individual virtual files.
- Allows non-trivial text format for each entry in SOPS file so you can enjoy syntax highlighting & formatting powered by VS Code ecosystem.
- Recent version of VS Code that supports l10n API
.sops into SOPS filename so the extension can recognize the file as SOPS, e.g.
files.associations in your settings to associate arbitrary filenames to language ID
Then right click on SOPS filename or the active editor to mount SOPS file as workspace folder.
To unmount the SOPS file, just right click on created workspace folder and select remove the folder from workspace.
Note that changes to SOPS virtual filesystem would be written to original SOPS file on save, no unmount is required.
The SOPS file would now be decrypted and listed in mounted folder, with each file or sub-folder mapping to leaf property or dictionary in SOPS file.
You are free to read, write, rename, delete on those files and create folders.
Additionally with the special file
__sopsfs__.<extname> corresponding to direct decryption output of SOPS file, only read & write operations are available for this file.
Custom Decryption Keys
sopsfs.env in settings to pass SOPS environment variables for keys. See Usage section in SOPS README.
See also demo settings.
This section is for developers, end-users don't have to read this.
sops:/<base64url encoded SOPS URI>/<path>
<base64url encoded SOPS URI>
base64url encoded URI of SOPS file, which is going to be accessed.
For example, given a URI
file:///home/alice/project/secrets.yaml it has
<base64url encoded SOPS URI> of
As we use vscode.workspace.fs API instead of native
fs module to access files, the URI can be any type of schemas registered.
Virtual filesystem path mapping to property tree of SOPS file.
For example, given a property path
foo.bar.prop it has