SOPS v3.13.1 released on 16-05-2026

SOPS v3.13.1 is out now. It bundles prebuilt binaries, container images, SBOMs and signed provenance so you can install and verify artifacts with Cosign and slsa-verifier.
Check the project’s GitHub release for downloads, checksums, signed metadata and container tags before you upgrade.
What’s in this release
- Prebuilt binaries with downloadable checksums and a Cosign-signed checksums file; instructions for verifying the signature and then validating the binary with sha256sum.
- Container images (Debian-slim and Alpine) for linux/amd64 and linux/arm64 published on ghcr.io and quay.io, with Cosign signatures and SLSA provenance attestations.
- SPDX-format SBOM JSON files for each binary and an in-toto JSONL provenance file (sops-v3.13.1.intoto.jsonl) covering binaries, packages and SBOMs.
Upgrade notes
- No breaking changes are documented in the release notes; verify the checksums file signature with Cosign then run sha256sum -c on the downloaded binary before replacing a system binary. Full changelog: https://github.com/getsops/sops/compare/v3.13.0…v3.13.1
- If you need to revert, fetch the previous release from the project’s releases page (for example the v3.13.0 tag) and restore the prior binary or image.
Share how the upgrade went or report any issues on the project’s GitHub repository — community feedback helps catch edge cases others may hit.


