SOPS | v3.13.2

SOPS v3.13.2 released on 30-06-2026


SOPS v3.13.2 is out now. It provides pre-built binaries with step‑by‑step installation and checksum/signature verification, signed checksums and provenance for validating artefacts, plus container images and a set of bug fixes and dependency maintenance.

Download binaries, checksums, SBOMs and SLSA provenance from the project’s GitHub release page; the release artifacts include a .sigstore.json bundle for cosign verification and an in-toto provenance file (sops-v3.13.2.intoto.jsonl).

What’s in this release

  • Installation and integrity: pre-built binaries with example install commands and instructions to verify the checksums file using cosign (bundle .sigstore.json) and to check binaries with sha256sum -c.
  • Container images and verification: Debian-slim and Alpine images on ghcr.io and quay.io for linux/amd64 and linux/arm64; Debian images include common KMS/GPG dependencies while Alpine is smaller; images are signed with cosign and include SLSA provenance for verification.
  • Notable fixes and behaviour changes: preserve large integers in the JSON store, handle pointers when serialising context, fix a panic when a non-string was encountered where an encrypted string was expected, fix INI newline double-encoding, and reset supplementary groups when changing user in exec subcommands, plus assorted docs and line-wrapping cleanups.

Upgrade notes

  • No breaking API changes are listed for this release; review the full changelog on GitHub (compare v3.13.1…v3.13.2) and follow the release’s verification steps for binaries and images before upgrading.
  • To roll back, retrieve the previous release artifacts (for example v3.13.1) from the project’s GitHub releases and re-install the desired binary or image tag.

Share your experience or report any issues on the project’s GitHub so others can benefit from your notes and the maintainers can follow up.

Related posts

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.

wolfCOSE zero-allocation parsing in embedded C

wolfCOSE looks sensible only if you care about what your firmware actually has to carry. I like that, because on small targets the wrong crypto feature can cost more than the message itself, and there...

restic | v0.19.1

restic v0 19 1: safer FUSE mounts and mountpoint checks, robust backup source and exclude handling, clearer CLI JSON output, Windows SFTP deletion fixes