I'm learning about SOPS and setting it up as my preferred mechanism for storing secrets. Here are my notes.
It’s security mechanism is that we (i.e. client) use a PUBLIC key from the receiver (i.e. server) and encode it with a random key (I’m saying nonce but it could be reused)
This varies from RSA and SSH because the server uses a PUBLIC key to identify the client.
Web of trust
Web of trust operates by still using PGP (i.e. encoding with recipient’s public key) but additionally, we can encrypt/sign the data as our own by signing it with the client’s private key.
This means the recipient will initially decrypt via our (i.e. client’s) public key (verifying the source) and then decrypting via their (i.e. server’s) private key to get the data.