SOPS | v3.13.1

SOPS v3.13.1 released on 16-05-2026


SOPS v3.13.1 is out now. It provides step‑by‑step installation and binary verification instructions for the pre-built binaries, guidance for SLSA provenance and SBOM verification, and details for verifying container images and signatures — useful for operators and users who need reproducible, verifiable artefacts.

See the release on GitHub for downloadable artefacts, checksums, the in‑toto provenance file and the full changelog comparing v3.13.0…v3.13.1.

What’s in this release

  • Installation and binary verification: download pre-built binaries (example shown for linux/amd64), move the binary into PATH and make it executable; verify the checksums file signature with cosign verify-blob and then validate the binary with sha256sum -c.
  • Artifact provenance and SLSA verification: an in-toto metadata file (sops-v3.13.1.intoto.jsonl) is included in the release artifacts; verify provenance with slsa-verifier verify-artifact using source URI github.com/getsops/sops and source tag v3.13.1.
  • Container images and image verification: published images on GHCR and Quay (Debian-slim and Alpine variants) for linux/amd64 and linux/arm64; Debian images include extra key-service dependencies while Alpine images are smaller; image signatures can be checked with cosign and SLSA attestations are available.

Upgrade notes

  • No breaking changes are listed in the release notes; review the full changelog (compare v3.13.0…v3.13.1) before upgrading.
  • To roll back, reinstall the previous release available from the project’s GitHub releases (see the changelog link for the prior tag).

Try the release and share any feedback or issues you encounter so others can benefit from your experience.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes