Secret Management
Encrypt and decrypt secrets using SOPS with support for age, PGP, and cloud KMS providers.
ksail cipher encrypt secret.yaml
ksail cipher decrypt secret.enc.yaml
ksail cipher edit secret.enc.yaml
ksail cipher rotate secret.enc.yaml
ksail cipher import AGE-SECRET-KEY-1...

Supported KMS: See Key Management Systems for supported providers and documentation links.
Flux Integration
When using Flux as the GitOps engine and SOPS is enabled, KSail automatically creates or updates a sops-age Secret in the flux-system namespace containing your Age private key, if one can be resolved. Flux Kustomization CRDs reference this Secret via spec.decryption.secretRef.

Key resolution priority: SOPS_AGE_KEY env var → platform-specific key file. Configure via spec.cluster.sops in ksail.yaml. See sops (SOPS).
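The manifests below show the shape of the reference described above. They are an added example, not KSail's own generated output. The Kustomization name, path, interval, and source are hypothetical. The `age.agekey` data key is an assumption based on Flux's rule that Age keys in the decryption Secret use entries ending in `.agekey`, and the key value is a placeholder.

```yaml
# Flux Kustomization that decrypts SOPS-encrypted manifests at apply time.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps                  # hypothetical name
  namespace: flux-system
spec:
  interval: 10m               # hypothetical reconcile interval
  path: ./k8s                 # hypothetical path holding *.enc.yaml files
  prune: true
  sourceRef:
    kind: GitRepository       # assumed source kind for this example
    name: flux-system         # hypothetical source name
  decryption:
    provider: sops
    secretRef:
      name: sops-age          # the Secret KSail creates or updates
---
# Shape of the Secret the Kustomization points at. Shown for inspection
# only: never commit this object to Git, since it holds the private key
# that decrypts every secret in the repository.
apiVersion: v1
kind: Secret
metadata:
  name: sops-age
  namespace: flux-system
type: Opaque
stringData:
  # Assumed entry name; Flux reads Age keys from entries ending in .agekey.
  age.agekey: "<AGE-PRIVATE-KEY-PLACEHOLDER>"
```

Because the Secret holds the private key, read access to Secrets in flux-system is equivalent to access to every SOPS-encrypted value in the repository, so RBAC on that namespace should be scoped accordingly.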