In a previous post, we discussed using age to manage secrets in Git repositories. In this post, let’s improve our secrets management workflow in Git repositories using SOPS.

sops is an editor of encrypted files that supports popular configuration formats such as YAML and various encryption techniques such as age.

Read the blog post about age to install the package and creating the key file.

This time, we will use sops to perform encryption and decryption operations instead of the age command.

When you begin your career in IT, you will be required to learn Git sooner or later. Git is a key technology used in everyday software engineering and DevOps. It has become persuasive and quintessential. There is no need to hard sell Git to anyone at this point.

There is a lot to learn about Git. The good news is that you can start with a subset of Git. There is a no need to become a Git master on your day one of software engineering or DevOps engineering. You can follow a tutorial and take home a Git workflow on day one. In about three days of studying and practising Git, you will be ready to use Git in software engineering and DevOps workflows.

Are you storing secrets such as database credentials, API keys, etc. unencrypted in Git repositories? Stop.

To protect your secrets, do not store them anywhere unencrypted. Especially in Git repositories. Ideally, your organization must have some vault solution where secrets can be stored and securely shared with people on a need-to-know basis. In many small organizations, having such a central secrets management solution is still a luxury. The need to store such secret information in Git repositories is obvious. There are a few ways in which you can encrypt secrets. We discussed using Ansible Vault in one of the previous blog posts.

Using Git with SSH is a common practice among software developers. The convenience of not having to remember passwords is a huge productivity boost in software development workflows.

In a previous blog post, I wrote about managing SSH keys.

Having many SSH keys can cause few issues:

• ssh-agent doesn’t work well with too many keys.
• Can’t always map SSH keys to servers in SSH client configuration. Both personal and company projects Git can be hosted on the same server or third-party service such as Github.
• Some Git hosting services do not allow you to use the same SSH key in more than one user profile. You are forced to have a unique SSH keypair per user profile.
• The SSH server might refuse to allow too many authentication attempts.

Git allows you to set the environment variable GIT_SSH_COMMAND. If you set this environment variable, Git uses the specified command for push and pull operations.