uumo

Thanks, I'll look into writing a proxy It's a bare metal cluster with a smart card, so no cloud provider kms is available

I don't understand, when you setup k3s did you modify [aws-encryption-provider](https://github.com/kubernetes-sigs/aws-encryption-provider) to work without AWS? The readme says: "Assumptions: You have an AWS account" I'm using a nitrokey that works...

@mhumeSF aws-encryption-provider won't work. I need to encrypt Kubernetes secrets using a physical HSM in a potentially offline cluster, so I can't use AWS or any other cloud based KMS...

I added a bounty to this issue! I'll accept any solution that allows Kubernetes secrets to be encrypted with SOPS as a backend. It must actually run and work so...

Hi @Frizlab! Thanks for your implementation & sorry for the delay getting back to you. I was able to compile and run your code, but was confused by the mandatory...

@Frizlab your code works beautifully & fully satisfies my requirements! I tried to award the bounty but get an error "We had an issue to make this transfer". I saw...