Skip to content
| Marketplace
Sign in
Visual Studio Code>Other>@s2504s/vscode-sopsNew to Visual Studio Code? Get it now.
@s2504s/vscode-sops

@s2504s/vscode-sops

s2504s

|
1 install
| (0) | Free
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

@s2504s/vscode-sops

Transparent encryption & decryption of SOPS-managed secrets directly in VS Code and Cursor.

VS Code Marketplace Open VSX License: MIT


✨ Features

  • Real-time editing of encrypted yaml, json, dotenv, ini, plaintext and binary files in-place
  • Auto-encrypt on save — edits are transparently re-encrypted back to the original file
  • Toggle view — one-click switch between encrypted and decrypted versions via the status bar
  • Creation rules — create new encrypted files using .sops.yaml creation_rules
  • Multiple key providers — AWS KMS, GCP KMS, Azure Key Vault, AGE, PGP
  • Works with SOPS binaries installed via aquaproj/aqua

📦 Installation

From Marketplace

  • VS Code: VS Code Marketplace
  • Cursor / VS Code forks: Open VSX

From .vsix

code --install-extension s2504s-vscode-sops-*.vsix
# or
cursor --install-extension s2504s-vscode-sops-*.vsix

⚙️ Requirements

  1. Install SOPS and ensure sops is available in $PATH
  2. (Optional) For .env support install the DotENV extension

🎬 New to SOPS? Check out this tutorial on YouTube


🔧 Extension Settings

Setting Type Default Description
sops.enabled boolean true Enable / disable the extension
sops.beta boolean false Switch between stable and beta release at runtime
sops.binPath string sops Path to the SOPS binary
sops.configPath string ./.sopsrc Path to the config file (absolute or relative)
sops.creationEnabled boolean false Encrypt new files matching .sops.yaml creation_rules
sops.defaults.awsProfile string — AWS profile for --aws-profile (falls back to $AWS_PROFILE)
sops.defaults.gcpCredentialsPath string — GCP credentials path (falls back to $GOOGLE_APPLICATION_CREDENTIALS)
sops.defaults.ageKeyFile string — AGE key file path (falls back to $SOPS_AGE_KEY_FILE)
sops.defaults.ignoreMac boolean false Skip MAC verification
sops.defaults.macOnlyEncrypted boolean false Compute MAC only over encrypted values

📄 Config file

Project-level config file named .sopsrc (YAML format) in the workspace root:

awsProfile: my-profile-1
gcpCredentialsPath: /home/user/Downloads/my-key.json
ageKeyFile: /home/user/age.txt

🛠 Development

Prerequisites

  • Node.js LTS (currently 22.x)
  • npm ci to install dependencies

Build and lint

npm run compile   # Compile TypeScript → out/
npm run lint      # Run ESLint
npm run watch     # Compile in watch mode

Release process

  1. Bump version in package.json (follow semver)
  2. Run npm install to update package-lock.json
  3. Add an entry to CHANGELOG.md
  4. Merge to master — CI/CD will automatically:
    • Build and lint the extension
    • Publish to VS Code Marketplace and Open VSX

Manual publish (if needed)

npx vsce package                      # Build .vsix artifact
npx vsce publish -p <VSCE_TOKEN>      # Publish to VS Code Marketplace
npx ovsx publish -p <OVSX_TOKEN>      # Publish to Open VSX
Tool Purpose Install
vsce VS Marketplace CLI bundled in devDependencies
ovsx Open VSX CLI npm install -g ovsx

📚 References

  • Publishing VS Code Extensions
  • Publishing to Open VSX
  • SOPS documentation

📝 Changelog

See CHANGELOG.md for the full version history.

🐛 Issues

Found a bug? Open an issue.


📜 License

MIT

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft