Mozilla Sops uses a .sops.yaml file which, among other things, contains the public keys that are used for encryption. It would be convenient to include these in your repo so you can easily keep track of what key/keys was/were used for file encryption. Also because you might use several .sops.yaml files for various environments etc.
I find nowhere whether you should add .sops.yaml files to .gitignore, which makes me think it is ok to just commit it. So my question: is this indeed ok?
I just noted that encrypted files (which are supposed to be committed) receive 'the encryption context' as metadata at the end of the file, which is similar to the .sops.yaml info. This means that when you leave .sops.yaml out of your repo, its info will be included anyways, so you might as well just commit the .sops.yaml as well without doing any security harm.

So: yes, it's ok to commit .sops.yaml, no need to add it to .gitignore.
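
The overlap described in the answer can be checked mechanically. The following is an added example, not part of the original post and not sops' own code: it reads the public key identifiers from the `sops` metadata of an encrypted JSON file and compares them with those declared in .sops.yaml. The file contents, key values and function names are constructed for illustration, and only flat `age:`/`pgp:` rules are parsed (no key_groups or multi-line values).

```python
import json
import re

# Constructed .sops.yaml with placeholder key identifiers (assumption: flat rules only).
SOPS_YAML = """\
creation_rules:
  - path_regex: secrets/prod/.*
    age: age1exampleprodrecipient000,age1examplebackuprecipient000
  - path_regex: secrets/dev/.*
    pgp: 0000000000000000000000000000000000000001
"""

# Constructed sops-encrypted JSON file; every "enc"/"data" value is a placeholder.
ENCRYPTED = json.dumps({
    "db_password": "ENC[AES256_GCM,data:placeholder,iv:placeholder,tag:placeholder,type:str]",
    "sops": {
        "age": [
            {"recipient": "age1exampleprodrecipient000", "enc": "placeholder"},
            {"recipient": "age1examplebackuprecipient000", "enc": "placeholder"},
        ],
        "pgp": [],
        "lastmodified": "2024-01-01T00:00:00Z",
        "mac": "ENC[AES256_GCM,data:placeholder,type:str]",
    },
})

def declared_keys(sops_yaml_text):
    """Public key identifiers listed under age:/pgp: in a flat .sops.yaml."""
    keys = set()
    for m in re.finditer(r"^\s*(?:-\s*)?(age|pgp):\s*(\S.*)$", sops_yaml_text, re.M):
        keys.update((m.group(1), k.strip()) for k in m.group(2).split(",") if k.strip())
    return keys

def embedded_keys(encrypted_json_text):
    """Public key identifiers stored in the encrypted file's own sops metadata."""
    meta = json.loads(encrypted_json_text).get("sops", {})
    keys = {("age", e["recipient"]) for e in meta.get("age") or []}
    keys |= {("pgp", e["fp"]) for e in meta.get("pgp") or []}
    return keys

def undeclared(encrypted_json_text, sops_yaml_text):
    """Recipients the file is encrypted to that no rule in .sops.yaml declares."""
    return embedded_keys(encrypted_json_text) - declared_keys(sops_yaml_text)

if __name__ == "__main__":
    print("embedded in file:", sorted(embedded_keys(ENCRYPTED)))
    print("not declared in .sops.yaml:", sorted(undeclared(ENCRYPTED, SOPS_YAML)))
```

With .sops.yaml committed, a comparison like this can run in CI to flag an encrypted file whose recipient list has drifted from the declared keys.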