Sops

Encrypt / Decrypt

You Azure user must have "Encrypt" and "Decrypt" Access Policy for the key.

KEY_VAULT_NAME="PASTE-YOUR-KEY-VAULT-NAME-HERE"
KEY_NAME="PASTE-YOUR-KEY-NAME-HERE"
KV=$(az keyvault key show --name $KEY_NAME --vault-name $KEY_VAULT_NAME | jq -r ".key.kid")

sops --encrypt --azure-kv $KV file-decrypted > file-encrypted
sops --decrypt file-encrypted

References

https://github.com/mozilla/sops