amye
commented
1 year ago /vote-sandbox
Closed hiddeco closed 1 year ago
amye
commented
1 year ago /vote-sandbox
git-vote[bot]
commented
1 year ago @amye has called for a vote on [Sandbox] SOPS (#28).
The members of the following teams have binding votes:
| Team |
|---|
| @cncf/cncf-toc |
Non-binding votes are also appreciated as a sign of support!
You can cast your vote by reacting to this comment. The following reactions are supported:
| In favor | Against | Abstain |
|---|---|---|
| π | π | π |
Please note that voting for multiple options is not allowed and those votes won't be counted.
The vote will be open for 7days. It will pass if at least 66% of the users with binding votes vote In favor π. Once it's closed, results will be published here as a new comment.
hiddeco
commented
1 year ago /check-vote
amye
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago So far 15.38% of the users with binding vote are in favor (passing threshold: 66%).
| In favor | Against | Abstain | Not voted |
|---|---|---|---|
| 2 | 0 | 0 | 11 |
| User | Vote | Timestamp |
|---|---|---|
| rochaporto | In favor | 2023-05-09 18:58:35.0 +00:00:00 |
| TheFoxAtWork | In favor | 2023-05-09 20:19:30.0 +00:00:00 |
sabre1041
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago Votes can only be checked once a day.
fabidick22
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago Votes can only be checked once a day.
diegotony
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago Votes can only be checked once a day.
hiddeco
commented
1 year ago Based on counting by hand I can tell you all things haven't changed :-).
amye
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago So far 18.18% of the users with binding vote are in favor (passing threshold: 66%).
| In favor | Against | Abstain | Not voted |
|---|---|---|---|
| 2 | 0 | 0 | 9 |
| User | Vote | Timestamp |
|---|---|---|
| TheFoxAtWork | In favor | 2023-05-09 20:19:30.0 +00:00:00 |
| rochaporto | In favor | 2023-05-09 18:58:35.0 +00:00:00 |
floweb
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago So far 36.36% of the users with binding vote are in favor (passing threshold: 66%).
| In favor | Against | Abstain | Not voted |
|---|---|---|---|
| 4 | 0 | 0 | 7 |
| User | Vote | Timestamp |
|---|---|---|
| TheFoxAtWork | In favor | 2023-05-09 20:19:30.0 +00:00:00 |
| rochaporto | In favor | 2023-05-09 18:58:35.0 +00:00:00 |
| dzolotusky | In favor | 2023-05-12 13:34:19.0 +00:00:00 |
| nikhita | In favor | 2023-05-12 4:14:48.0 +00:00:00 |
garritfra
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago So far 36.36% of the users with binding vote are in favor (passing threshold: 66%).
| In favor | Against | Abstain | Not voted |
|---|---|---|---|
| 4 | 0 | 0 | 7 |
| User | Vote | Timestamp |
|---|---|---|
| TheFoxAtWork | In favor | 2023-05-09 20:19:30.0 +00:00:00 |
| rochaporto | In favor | 2023-05-09 18:58:35.0 +00:00:00 |
| nikhita | In favor | 2023-05-12 4:14:48.0 +00:00:00 |
| dzolotusky | In favor | 2023-05-12 13:34:19.0 +00:00:00 |
Moskovych
commented
1 year ago Looks like toc don't want to vote...
caniszczyk
commented
1 year ago FYI expect that voting will usually last a couple of weeks, the @cncf/cncf-toc can get busy at times
Moskovych
commented
1 year ago @caniszczyk , but the vote is configured for 7 days, as I see, and probably will be closed automatically. Or not?
caniszczyk
commented
1 year ago It shouldn't close automatically - that seems to be a mistake @amye
On Mon, May 15, 2023 at 9:18β―AM Oleh Moskovych @.***> wrote:
@caniszczyk https://github.com/caniszczyk , but the vote is configured for 7 days, as I see, and probably will be closed automatically. Or not?
β Reply to this email directly, view it on GitHub https://github.com/cncf/sandbox/issues/28#issuecomment-1547964709, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAPSINSHUELIAAV4KOCKHTXGI3LTANCNFSM6AAAAAAU7PZ5HI . You are receiving this because you were mentioned.Message ID: @.***>
-- Cheers,
Chris Aniszczyk https://aniszczyk.org
RichiH
commented
1 year ago (I voted earlier in the day, already)
I know a few us of us were on PTO and/or traveling on top of the normal workload. Having a default of two weeks or so is probably better.
amye
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago Votes can only be checked once a day.
amye
commented
1 year ago TOC has chosen for these votes to be open a week, we may change that in the future.
hiddeco
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago So far 72.73% of the users with binding vote are in favor (passing threshold: 66%).
| In favor | Against | Abstain | Not voted |
|---|---|---|---|
| 8 | 0 | 0 | 3 |
| User | Vote | Timestamp |
|---|---|---|
| dzolotusky | In favor | 2023-05-12 13:34:19.0 +00:00:00 |
| mattfarina | In favor | 2023-05-15 14:00:26.0 +00:00:00 |
| kgamanji | In favor | 2023-05-15 16:08:07.0 +00:00:00 |
| nikhita | In favor | 2023-05-12 4:14:48.0 +00:00:00 |
| rochaporto | In favor | 2023-05-09 18:58:35.0 +00:00:00 |
| RichiH | In favor | 2023-05-15 8:20:38.0 +00:00:00 |
| TheFoxAtWork | In favor | 2023-05-09 20:19:30.0 +00:00:00 |
| cathyhongzhang | In favor | 2023-05-15 21:37:01.0 +00:00:00 |
erinaboyd
commented
1 year ago π
diegotony
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago Votes can only be checked once a day.
amye
commented
1 year ago We've extended all votes another 24 hours to make sure we're tallying correctly!
hiddeco
commented
1 year ago /check-vote
git-vote[bot]
commented
1 year ago So far 90.91% of the users with binding vote are in favor (passing threshold: 66%).
| In favor | Against | Abstain | Not voted |
|---|---|---|---|
| 10 | 0 | 0 | 1 |
| User | Vote | Timestamp |
|---|---|---|
| erinaboyd | In favor | 2023-05-16 11:32:11.0 +00:00:00 |
| nikhita | In favor | 2023-05-12 4:14:48.0 +00:00:00 |
| rochaporto | In favor | 2023-05-09 18:58:35.0 +00:00:00 |
| RichiH | In favor | 2023-05-15 8:20:38.0 +00:00:00 |
| mauilion | In favor | 2023-05-16 15:03:22.0 +00:00:00 |
| mattfarina | In favor | 2023-05-15 14:00:26.0 +00:00:00 |
| kgamanji | In favor | 2023-05-15 16:08:07.0 +00:00:00 |
| dzolotusky | In favor | 2023-05-12 13:34:19.0 +00:00:00 |
| TheFoxAtWork | In favor | 2023-05-09 20:19:30.0 +00:00:00 |
| cathyhongzhang | In favor | 2023-05-15 21:37:01.0 +00:00:00 |
git-vote[bot]
commented
1 year ago The vote passed! π
90.91% of the users with binding vote were in favor (passing threshold: 66%).
| In favor | Against | Abstain | Not voted |
|---|---|---|---|
| 10 | 0 | 0 | 1 |
| User | Vote | Timestamp |
|---|---|---|
| @kgamanji | In favor | 2023-05-15 16:08:07.0 +00:00:00 |
| @erinaboyd | In favor | 2023-05-16 11:32:11.0 +00:00:00 |
| @RichiH | In favor | 2023-05-15 8:20:38.0 +00:00:00 |
| @cathyhongzhang | In favor | 2023-05-15 21:37:01.0 +00:00:00 |
| @TheFoxAtWork | In favor | 2023-05-09 20:19:30.0 +00:00:00 |
| @dzolotusky | In favor | 2023-05-12 13:34:19.0 +00:00:00 |
| @mattfarina | In favor | 2023-05-15 14:00:26.0 +00:00:00 |
| @mauilion | In favor | 2023-05-16 15:03:22.0 +00:00:00 |
| @rochaporto | In favor | 2023-05-09 18:58:35.0 +00:00:00 |
| @nikhita | In favor | 2023-05-12 4:14:48.0 +00:00:00 |
Application contact emails
dnazer@mozilla.com hidde@weave.works ablock@redhat.com
Project Summary
SOPS (Secrets OPerationS) is an editor in the form of a command-line tool and SDK designed to help manage encrypted files in a variety of structured (YAML, JSON, ENV, INI) and BINARY formats using a one of the supported Key Management Systems (KMS), PGP, or age.
Project Description
SOPS (Secrets OPerationS) is an editor in the form of a command-line tool and SDK designed to help manage sensitive content stored within structured files. Various formats, including YAML, JSON, ENV and binary, are supported and their content is managed by encrypting only the values portion of a key/value pair to maintain their readability as it lies at rest.
The encryption/decryption process is facilitated by one of the several popular KMS services including AWS, GCP, Azure Key Vault and HashiCorp Vault or more traditional methods, such as PGP or age.
SOPS features a robust set of capabilities to manage complex workflows including support for multiple operational environments and the ability to leverage multiple encryption backends deterministically. Beyond the basics, support is also available to perform key rotation to re-encrypt encrypted contents as well as auditing each activity that is performed to satisfy both day one and day two requirements.
Org repo URL
N/A
Project repo URL
https://github.com/mozilla/sops
Additional repos
https://github.com/mozilla/sotp
Website URL
https://github.com/mozilla/sops
Roadmap
N/A
Roadmap context
While contributions from the community continue to be submitted to the project, until a long term direction is determined, no active development will occur. Once those primary hurdles have been resolved, the short term roadmap focuses on producing a new release of the project, the first in over nine (9) months (v3.7.3 - May 2022).
Given the popularity of the project (12k stars and still growing), its future is bright. To support a evolving the project forward, long term goals could include:
Expanding the set of supported encryption providers Providing more native support for the ecosystem seeking to integrate the project within their tooling. Several externally managed tools do exist which provide these integrations, but they are developed and maintained by individual contributors instead of being associated with either this project or for the target tool.
Contributing Guide
https://github.com/mozilla/sops/blob/master/CONTRIBUTING.md
Code of Conduct (CoC)
https://github.com/mozilla/sops/blob/master/CODE_OF_CONDUCT.md
Adopters
No response
Contributing or Sponsoring Org
https://mozilla.org
Maintainers file
N/A (beyond git-log)
IP Policy
Under review by Mozilla/CNCF legal but not expected to be blocking for further entry.
Trademark and accounts
Under review by Mozilla/CNCF legal but not expected to be blocking for further entry.
Why CNCF?
The maintainers of the SOPS project have approached several maintainers and contributors of CNCF projects to take stewardship of this project, which has been agreed to in principle. This proposal represents a tangible first step towards this desired goal. Aside from providing a home for the SOPS project, there currently is a void as it relates to tooling dedicated for the purpose of managing sensitive resources within the CNCF. There are a couple of other libraries of limited scope, but there is no major focus compared to other domains (eg) OpenTelemetry.
By SOPS becoming a CNCF sponsored project, it represents not only a need for this type of tooling, but the desire for additional dialog and the establishment of recommended practices when working with sensitive assets to be leveraged by the community to ultimately provide a more secure operating environment.
The big picture here is that all cloud native applications need better support, patterns, tools, apis. SOPS is just one set of patterns but could help create focus and momentum for more solutions and community work.
Benefit to the Landscape
Managing sensitive assets is a fundamental task when working with any cloud native technology so their values can be safely used in practice as well as stored at rest. By establishing SOPS as a CNCF project, it represents a clear indication that secrets management is an important concept and that practices must be established to not only provide approaches when working with sensitive resources, but for tooling to be available to facilitate the safe storage, retrieval and interoperability with existing systems.
Cloud Native 'Fit'
SOPS itself is not tied to a specific cloud native technology or project. However, it is not only applicable to help satisfy key security, compliance and auditing requirements, but integrations are available (see below) to support the usage within other cloud native solutions
In addition, by being available as a simple Command Line based utility with a limited number of dependencies and requirements, end users can begin protecting their sensitive assets in no time enabling a safer operating experience and promoting recommended security practices.
Cloud Native 'Integration'
Several cloud native technologies and associated projects have already included native support or are leveraging a third party integration to enable SOPS within their project.
The list of projects include:
Cloud Native Overlap
No response
Similar projects
SOPS provides similar functionality as these other projects:
External Secrets Operator Sealed Secrets
ESO has a complementary approach to SOPS and the projects could potentially help each other e.g. with shared libs for connectors to third party stores. (maybe under an umbrella org?)
Product or Service to Project separation
N/A
Project presentations
No response
Project champions
No response
Additional information
Proposed new maintainers: