sops VS sealed-secrets

Compare sops vs sealed-secrets and see what are their differences.


Simple and flexible tool for managing secrets (by mozilla)


A Kubernetes controller and tool for one-way encrypted Secrets (by bitnami-labs)
Our great sponsors
  • OPS - Build and Run Open Source Unikernels
  • SonarQube - Static code analysis for 29 languages.
  • Scout APM - Less time debugging, more time building
sops sealed-secrets
52 30
8,939 4,306
3.3% 4.6%
4.0 7.5
11 days ago 6 days ago
Go Go
Mozilla Public License 2.0 Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of sops. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-01-16.


Posts with mentions or reviews of sealed-secrets. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-01-16.
  • How can I encrypt data in a ConfigMap?
    3 projects | | 16 Jan 2022
    Firstly for sensitive data I would use a secret which is base64 encode. To encrypt the encoded data I would look at using SOPS Using Sealed Secrets is another option also
  • Top 200 Kubernetes Tools for DevOps Engineer Like You
    84 projects | | 15 Jan 2022
    kops - Production Grade K8s Installation, Upgrades, and Management silver-surfer - Check ApiVersion compatibility and provide Migration path for Kubernetes objects when upgrading Kubernetes to latest versions Kube-ops-view - Kubernetes Operational View - read-only system dashboard for multiple K8s clusters kubeprompt - Kubernetes prompt info Metalk8s - An opinionated Kubernetes distribution with a focus on long-term on-prem deployments kind - Kubernetes IN Docker - local clusters for testing Kubernetes Clusterman - Cluster Autoscaler for Kubernetes and Mesos Cert-manager - Automatically provision and manage TLS certificates Goldilocks - Get your resource requests "Just Right" katafygio - Dump, or continuously backup Kubernetes objets as yaml files in git Rancher - Complete container management platform Sealed Secrets - A Kubernetes controller and tool for one-way encrypted Secrets OpenKruise/Kruise - Automate application workloads management on Kubernetes kubectl snapshot - Take Cluster Snapshots kapp - simple deployment tool focused on the concept of "Kubernetes application" โ€” a set of resources with the same label keda - Event-driven autoscaler for Kubernetes Octant - To better understand the complexity of Kubernetes clusters Portainer - Portainer inside a Kubernetes environment Gardener - Deliver fully-managed clusters at scale everywhere with your own Kubernetes-as-a-Service Kubed - Kubernetes Cluster Operator Daemon Kubestack - Kubestack is the free and open-source GitOps framework to codify your custom platform stack using Terraform.
  • Raspberry Pi K3s Cluster
    3 projects | | 1 Jan 2022
    My first approach to keeping secrets versioned was using Sealed Secrets. However, I gave up on the sealed secrets because I rebuilt the cluster frequently and always lost the encryption keys since I didn't care to make backups. I found it a lot easier to keep an encrypted secrets.yaml file in the repository. Every time I spin up a new cluster in this workflow, I have to decrypt the file and apply it to the new cluster. Although it is encrypted, I don't recommend keeping the file in a public Github repository. I'm doing this to avoid losing the secrets while I work out a better flow for personal projects.
  • Where to keep the yaml files
    4 projects | | 26 Dec 2021
    And use sops, ansible-vault or bitnami sealed secrets, and you can even safely store encrypted configurations in version control
  • I have sensitive information in my ConfigMap. How can I secure it.
    4 projects | | 20 Dec 2021
    Alternatively, you can also explore SealedSecrets.
    4 projects | | 20 Dec 2021
    There are some options. Hope this will do
  • Gotta love gitops
    3 projects | | 16 Dec 2021
    you can use hashicorp vault for it, but for start you can use sealed-secrets
  • Automating Creation of Bitnami Sealed Secrets
    1 project | | 8 Dec 2021
    I've been using Bitnami Sealed Secrets ( for a while now and have created a script that will take a file as an input and generate a sealed secret to be deployed into the cluster from the input file.
  • How to securely reference secrets in a Secret yaml file?
    2 projects | | 5 Dec 2021
    There are various tools out there using different ways to tackle secrets management for k8s. You can store them encrypted in git (e.g., use a secret management engine and insert your secrets using a secrets operator ( e.g. - here you would store a CRD describing how to mount nt the secret) or use CSI implementations to mount secrets directly from your secrets provider in your pod (e.g. ).
    2 projects | | 5 Dec 2021

What are some alternatives?

When comparing sops and sealed-secrets you can also consider the following projects:

vault-secrets-operator - Create Kubernetes secrets from Vault for a secure GitOps based workflow.

Vault - A tool for secrets management, encryption as a service, and privileged access management

kubernetes-external-secrets - Integrate external secret management systems with Kubernetes

git-crypt - Transparent file encryption in git

terraform-provider-sops - A Terraform provider for reading Mozilla sops files

kamus - An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications

terraform-controller - Use K8s to Run Terraform

age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

atlantis - Terraform Pull Request Automation

helm-vault - Store secrets for Helm deployments in Hashicorp Vault.

argocd-operator - A Kubernetes operator for managing Argo CD clusters.