https://devops.sarmento.org/en/tags/security/Recent content in Security on /var/log/janioHugoenTue, 26 May 2026 07:00:00 +0000https://devops.sarmento.org/en/posts/sops-and-age-secrets-management-in-practice/Tue, 26 May 2026 07:00:00 +0000https://devops.sarmento.org/en/posts/sops-and-age-secrets-management-in-practice/<p>As I previously discussed in my post on <a href="https://devops.sarmento.org/posts/secret-management-macos-linux/">secret management in macOS and Linux</a>, the real challenge of managing keys and tokens isn&rsquo;t the encryption itself, but reducing accidental leakage without turning the sysadmin&rsquo;s daily routine into a bureaucratic nightmare. Over the last few years, however, a duo of tools has gained significant traction and completely changed this dynamic: <strong>Mozilla SOPS</strong> and <strong>age</strong>. Together, they enable a declarative, GitOps-friendly, and extremely secure approach with virtually zero friction. This post is a detailed look at how these tools work and how to integrate them practically into your daily workflow.</p>https://devops.sarmento.org/en/posts/secret-management-macos-linux/Sun, 17 May 2026 11:54:00 +0000https://devops.sarmento.org/en/posts/secret-management-macos-linux/<p>At some point in the life of almost every sysadmin, there comes a slightly uncomfortable realization: too many secrets are scattered across the environment.</p> <p>A password inside a <code>.env</code> file here, a token buried in shell history there, a forgotten webhook inside a <code>docker-compose.yml</code>, an API key hardcoded into a “temporary” script that somehow survived for two years in production. None of those things seem catastrophic individually. The problem is that infrastructure rarely collapses because of one gigantic mistake; most of the time, it collapses under the accumulated weight of dozens of tiny operational shortcuts.</p>