@s2504s/vscode-sops

Transparent encryption & decryption of SOPS-managed secrets directly in VS Code and Cursor.

✨ Features

Real-time editing of encrypted yaml, json, dotenv, ini, plaintext and binary files in-place
Auto-encrypt on save — edits are transparently re-encrypted back to the original file
Toggle view — one-click switch between encrypted and decrypted versions via the status bar
Creation rules — create new encrypted files using .sops.yaml creation_rules
Multiple key providers — AWS KMS, GCP KMS, Azure Key Vault, AGE, PGP
Works with SOPS binaries installed via aquaproj/aqua

📦 Installation

From Marketplace

VS Code: VS Code Marketplace
Cursor / VS Code forks: Open VSX

From `.vsix`

code --install-extension s2504s-vscode-sops-*.vsix
# or
cursor --install-extension s2504s-vscode-sops-*.vsix

⚙️ Requirements

Install SOPS and ensure sops is available in $PATH
(Optional) For .env support install the DotENV extension

🎬 New to SOPS? Check out this tutorial on YouTube

🔧 Extension Settings

Setting	Type	Default	Description
`sops.enabled`	`boolean`	`true`	Enable / disable the extension
`sops.beta`	`boolean`	`false`	Switch between stable and beta release at runtime
`sops.binPath`	`string`	`sops`	Path to the SOPS binary
`sops.configPath`	`string`	`./.sopsrc`	Path to the config file (absolute or relative)
`sops.creationEnabled`	`boolean`	`false`	Encrypt new files matching `.sops.yaml` `creation_rules`
`sops.defaults.awsProfile`	`string`	—	AWS profile for `--aws-profile` (falls back to `$AWS_PROFILE`)
`sops.defaults.gcpCredentialsPath`	`string`	—	GCP credentials path (falls back to `$GOOGLE_APPLICATION_CREDENTIALS`)
`sops.defaults.ageKeyFile`	`string`	—	AGE key file path (falls back to `$SOPS_AGE_KEY_FILE`)
`sops.defaults.ignoreMac`	`boolean`	`false`	Skip MAC verification
`sops.defaults.macOnlyEncrypted`	`boolean`	`false`	Compute MAC only over encrypted values

📄 Config file

Project-level config file named .sopsrc (YAML format) in the workspace root:

awsProfile: my-profile-1
gcpCredentialsPath: /home/user/Downloads/my-key.json
ageKeyFile: /home/user/age.txt

🛠 Development

Prerequisites

Node.js LTS (currently 22.x)
npm ci to install dependencies

Build and lint

npm run compile   # Compile TypeScript → out/
npm run lint      # Run ESLint
npm run watch     # Compile in watch mode

Release process

Bump version in package.json (follow semver)
Run npm install to update package-lock.json
Add an entry to CHANGELOG.md
Merge to master — CI/CD will automatically:
- Build and lint the extension
- Publish to VS Code Marketplace and Open VSX

Manual publish (if needed)

npx vsce package                      # Build .vsix artifact
npx vsce publish -p <VSCE_TOKEN>      # Publish to VS Code Marketplace
npx ovsx publish -p <OVSX_TOKEN>      # Publish to Open VSX

Tool	Purpose	Install
`vsce`	VS Marketplace CLI	bundled in devDependencies
`ovsx`	Open VSX CLI	`npm install -g ovsx`

📚 References

📝 Changelog

See CHANGELOG.md for the full version history.

🐛 Issues

Found a bug? Open an issue.

📜 License

MIT

@s2504s/vscode-sops

s2504s

@s2504s/vscode-sops

✨ Features

📦 Installation

From Marketplace

From .vsix

⚙️ Requirements

🔧 Extension Settings

📄 Config file

🛠 Development

Prerequisites

Build and lint

Release process

Manual publish (if needed)

📚 References

📝 Changelog

🐛 Issues

📜 License

From `.vsix`