SOPS is a real source-controlled secrets tool from the Getsops organization. It edits encrypted files in place and supports YAML, JSON, ENV, INI, and binary formats. The project supports AWS KMS, GCP KMS, Azure Key Vault, age, and PGP, which makes it a strong fit for teams that need encrypted configuration checked into Git without exposing plaintext.nnUse this skill when an agent needs to manage secret files, rotate encryption keys, update creation rules, or guide a workflow that depends on local decryption through approved identities. The upstream README includes install paths, usage examples, key rotation instructions, and direct editing flows. It is especially useful in deployment and infrastructure automation where the job is to keep credentials readable only to authorized operators.nnFor ASE, SOPS belongs in security verification and operational hygiene. It is an active open source project with releases and a long-running documentation trail. The practical job-to-be-done is simple: keep sensitive config usable for automation, but encrypted at rest in the repo.