- sops ( https://github.com/getsops/sops )
- kustomize
- ksops ( https://github.com/viaduct-ai/kustomize-sops )
remember to switch GCP config via gcloud configurations activate foo
sops -i --encrypt -gcp-kms "$KMS_PATH" -encrypted-regex '^(data)$' secret.yaml
sops --decrypt foo
kustomize build --enable-alpha-plugins --enable-exec overlays/dev