Install the sops tool locally (version
3.7.1 is used
in the automated pipeline).
Take the values of AGE secret (from
secrets.md) and put it in a file, e.g.
export SOPS_AGE_KEY_FILE=.age.txt sops -d kubermatic/kubermatic-configuration.yaml sops -d kubermatic/values.yaml
With above commands, you will get on standard output the decrypted content of the files.
You can also use
-i option to use the in-place update of the file.
Make sure that you never commit the files with decrypted values inside your repository!
If you want to update some values or encrypt a new ones, you will need the AGE public key (set in
which is passed to the
sops -e --encrypted-regex 'secret|Secret|key|Key|password|hash' --age $AGE_PUBLIC_KEY kubermatic/values.yaml
You should decrypt the whole file if you are willing to update some parts, otherwise
sops will complain
that there the file has already some encrypted values.