SOPS | v3.13.2

SOPS v3.13.2 released on 30-06-2026


SOPS v3.13.2 is out now. It provides verified pre-built binaries and official container images, and publishes SLSA provenance and SPDX SBOMs to help validate integrity and provenance of releases.

See the GitHub release artifacts for downloads, checksums, signatures, provenance files and container images, and follow the included cosign and slsa-verifier commands to verify binaries and images.

What’s in this release

  • Installation and binary verification: pre-built Linux/amd64 binaries with a signed checksums file; instructions to verify the checksums signature using Cosign with GitHub OIDC and to check binary integrity with sha256sum.
  • Container images: Debian (slim) and Alpine images published to ghcr.io and quay.io for linux/amd64 and linux/arm64; Debian images include common key-service dependencies while Alpine images are smaller; image signatures verifiable with cosign.
  • Provenance and SBOMs: SLSA provenance provided as an in-toto JSONL metadata file (sops-v3.13.2.intoto.jsonl) and SBOMs as SPDX JSON files (.spdx.sbom.json); verification via slsa-verifier documented.

Upgrade notes

  • No breaking changes are listed in the release notes; follow the provided verification steps (cosign verify-blob and sha256sum -c) before deploying binaries or images.
  • If you need to roll back, the previous release is v3.13.1 — get it from the project’s releases on GitHub.

Share your experience with the verification steps or running the images — report any issues or observations on the project’s GitHub so maintainers and other users can benefit.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes