> Why not SOPS? SOPS is great for general file encryption, but kiln is built specifically for the environment variable workflow. It has commands like "run", "export", and built-in team management. Think "SOPS for .env files" with a focus on developer UX.
As far as I know, SOPS supports the same workflow with the 'exec-env' subcommand. What would be the difference here?
Yes, SOPS does have `exec-env` which does the same thing, kind of. From one of the issues, it currently lacks support for the POSIX-semantic way to run commands: https://github.com/getsops/sops/issues/1469, where you cannot add a `--` to tell sops that everything after it is supposed to be a command, so you end up having to quote everything. Other things that I found lacking were that with SOPS, adding a new team member means manually updating .sops.yaml, re-encrypting all files, and managing PGP/age keys. With kiln, you just add their SSH key to kiln.toml and run `kiln rekey`.
kiln also lets you have different access controls per environment file (devs get staging, only ops get production) without separate .sops.yaml configs, automatically discovers keys from SSH agent/~/.kiln/, and has built-in template rendering and export formats for different tools. You could definitely build similar workflows with SOPS + scripts, or any other tool, but kiln packages these common patterns into a single tool with better UX for teams.
Think of kiln as "opinionated SOPS", focused specifically on environment variables rather than general file encryption.
As far as I know, SOPS supports the same workflow with the 'exec-env' subcommand. What would be the difference here?
kiln also lets you have different access controls per environment file (devs get staging, only ops get production) without separate .sops.yaml configs, automatically discovers keys from SSH agent/~/.kiln/, and has built-in template rendering and export formats for different tools. You could definitely build similar workflows with SOPS + scripts, or any other tool, but kiln packages these common patterns into a single tool with better UX for teams.
Think of kiln as "opinionated SOPS", focused specifically on environment variables rather than general file encryption.