Skip to content
🛥️🐳 KSail

ksail cipher decrypt

Decrypt a file using SOPS (Secrets OPerationS).


If no file is given, input is read from stdin.


SOPS supports multiple key management systems:
  - age recipients
  - PGP fingerprints
  - AWS KMS
  - GCP KMS
  - Azure Key Vault
  - HashiCorp Vault


Example:
  ksail cipher decrypt secrets.yaml
  ksail cipher decrypt secrets.yaml --extract '["data"]["password"]'
  ksail cipher decrypt secrets.yaml --output plaintext.yaml
  ksail cipher decrypt secrets.yaml --ignore-mac
  cat secrets.enc.yaml | ksail cipher decrypt


Usage:
  ksail cipher decrypt [file] [flags]


Flags:
  -e, --extract string   extract a specific key from the decrypted file (JSONPath format)
      --ignore-mac       ignore Message Authentication Code (MAC) check
  -o, --output string    output file path (default: stdout)


Global Flags:
      --benchmark       Show per-activity benchmark output
      --config string   Path to config file (default: ksail.yaml found via directory traversal)