There's also https://github.com/jdx/fnox

One of the first tasks I had for Claude was to build a protected KV store out of keepassx.cli. Out of the box I got a beautiful gui for seeding initial secrets while giving me a nice scriptable, non-interactive tool for injecting secrets into infrastructure bootstrapping.

"also" is a strong word for a project this young. It was started in October 2025, does not have any issues (at all) and is completely vibe coded. Not starting a discussion about security & vibe coding now, but I wouldn't blindly recommend such a nascent project if compared to something mature like SOPS.

Lol it's the guy who makes mise https://mise.jdx.dev, so I don't think it's a "vibe-coded" project)

Oh there are vibes; claude & copilot are a contributors on both misa and fnox, gemini even gets in on fnox (poor OpenAI)

SOPS with Age is simple, and simple is good. I strongly recommend this approach.

SOPS is simple? You are kidding me. Pass from https://www.passwordstore.org/ fame is simple. SOPS is ultra-complicated for a security tool.

I dunno, it seems mostly simple to me.

You have a .sops.yaml with some Age public keys, and then you run “sops secrets.yml” to create an encrypted file.

Can you explain what you find complicated about sops? I've used it with ease for the last two years, both personally and professionally.