SOPS | v3.12.2

SOPS v3.12.2 released on 18-03-2026


SOPS v3.12.2 is out now. Operators and packagers will find pre-built binaries, signed checksums and provenance artifacts intended to make installation and verification straightforward.

See the GitHub release for downloads, checksums, SBOMs, container images and step-by-step verification commands.

What’s in this release

  • Pre-built binaries with a signed checksums file (Cosign using GitHub OIDC) and commands to verify the checksums file and binary integrity (example uses sha256sum -c).
  • Container images (Debian slim and Alpine) for linux/amd64 and linux/arm64 published to ghcr.io and quay.io (v3.12.2 and v3.12.2-alpine); images are signed with Cosign and include provenance attestations.
  • SLSA provenance supplied as an in-toto JSONL file (sops-v3.12.2.intoto.jsonl) and SBOMs for each binary provided as SPDX JSON files.

Upgrade notes

  • No breaking changes are listed in the release notes; review the full changelog (compare v3.12.1…v3.12.2) before upgrading and follow the verification steps before replacing binaries in production.
  • If you need to revert, reinstall the previous tag (v3.12.1) or use the earlier container image tag from your registry.

Share your experience with the verification workflow, images or SBOMs on the project’s GitHub so others can benefit from any tips or issues you encounter.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes