Mozilla SOPS Key
Service Name: Mozilla SOPS (Secrets OPerationS)
Service Description: Mozilla SOPS is an open-source editor for encrypted files that supports YAML, JSON, ENV, INI, and BINARY formats. It encrypts specific values within a file rather than the entire file, making it easier to manage and track changes to encrypted content.
Service Address: https://github.com/mozilla/sops
Validation Type: Unavailable
IP Allow list: Does not exist
Secret Access Scope: Grants ability to decrypt files encrypted with SOPS using various key management services (AWS KMS, GCP KMS, Azure Key Vault, age, or PGP).
Secret Revokement URL: Does not exist (depends on the underlying key management service used)
Secret Example: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
Suspicious Activity Investigation Instructions:
- Review version control history for unauthorized changes to encrypted files
- Check access logs of the underlying key management service (AWS KMS, GCP KMS, etc.)
- Verify if any encrypted files have been decrypted without authorization
- Examine audit logs for unusual patterns of file access or decryption attempts
- Monitor for unexpected changes to the .sops.yaml configuration file
Mitigation Instructions:
- Rotate the underlying encryption keys in the respective key management
service
- Update the .sops.yaml configuration file to use new keys
- Re-encrypt all affected files with the new keys
- Revoke access to the compromised keys in your key management service
- Update CI/CD pipelines and deployment systems to use the new keys
- Consider implementing stricter access controls on encrypted files
- Review and update key rotation policies