When you implement GitOps as your continuous delivery process, Git becomes the single source of truth for deployments. Kubernetes is a declarative system, which means you specify the desired state in YAML files. For this reason, GitOps is often used as a continuous delivery process for Kubernetes. The YAML files are stored in version control, and a GitOps tool like ArgoCD compares the desired state (Git) with the current state and applies changes to Kubernetes. Secrets are also part of Kubernetes deployments, so they are stored in version control as well. It's essential to encrypt them before committing to Git. SOPS is a popular CLI tool for encrypting secrets. It integrates with Azure Key Vault to implement envelope encryption.
This article explains how you can encrypt secrets using SOPS and Azure Key Vault.
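Because plaintext secrets must never reach Git, a pre-commit style guard is a useful companion to SOPS. The script below is an added example, not part of the original article; its function names are hypothetical. It assumes one manifest per file, and that SOPS-encrypted YAML carries a top-level `sops:` key and `ENC[...]` values.

```shell
#!/bin/sh
# Added example: flag Kubernetes Secret manifests that are not SOPS-encrypted.
# Assumptions: one manifest per file; SOPS output has a top-level "sops:"
# metadata key and every value under data/stringData starts with "ENC[".

# Return 0 if the file declares kind: Secret.
is_secret_manifest() {
    grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$1"
}

# Return 0 if the file carries the SOPS metadata block.
has_sops_metadata() {
    grep -Eq '^sops:[[:space:]]*$' "$1"
}

# Return 0 if any value under data/stringData is not an ENC[...] blob.
has_plaintext_values() {
    awk '
        /^(data|stringData):[ \t]*$/ { in_block = 1; next }
        /^[^ \t#]/                   { in_block = 0 }   # next top-level key
        in_block && /^[ \t]+[^# \t][^:]*:/ {
            value = $0
            sub(/^[^:]*:[ \t]*/, "", value)             # strip "key: "
            if (value !~ /^ENC\[/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print each offending path; return 1 if any Secret manifest is unencrypted.
check_manifests() {
    status=0
    for f in "$@"; do
        is_secret_manifest "$f" || continue
        if ! has_sops_metadata "$f" || has_plaintext_values "$f"; then
            echo "unencrypted Secret: $f" >&2
            status=1
        fi
    done
    return "$status"
}

# When run with file arguments (e.g. from a Git hook), fail on any finding.
[ "$#" -eq 0 ] || check_manifests "$@"
```

Wired into a pre-commit hook or CI job with the changed YAML files as arguments, a non-zero exit blocks the commit or pipeline.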