getsops
diff --git a/‎README.rst‎
Lines changed: 25 additions & 1 deletion b/‎README.rst‎
Lines changed: 25 additions & 1 deletion
@@ -2,7 +2,7 @@ SOPS: Secrets OPerationS
 ========================
 
 **SOPS** is an editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY
-formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, HuaweiCloud KMS, age, and PGP.
+formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault, HuaweiCloud KMS, OpenStack Barbican, age, and PGP.
 (`demo <https://www.youtube.com/watch?v=YTEVyLXFiq0>`_)
 
 .. image:: https://i.imgur.com/X0TM5NI.gif
@@ -96,6 +96,30 @@ separated, in the **SOPS_PGP_FP** env variable.
 
 Note: you can use both PGP and KMS simultaneously.
 
+If you want to use OpenStack Barbican, export the Barbican secret references, comma
+separated, in the **SOPS_BARBICAN_SECRETS** env variable. You'll also need to set
+OpenStack authentication environment variables.
+
+.. code:: bash
+
+    export SOPS_BARBICAN_SECRETS="550e8400-e29b-41d4-a716-446655440000,region:us-west-1:660e8400-e29b-41d4-a716-446655440001"
+    export OS_AUTH_URL="https://keystone.example.com:5000/v3"
+    export OS_USERNAME="sops-user"
+    export OS_PASSWORD="secret"
+    export OS_PROJECT_ID="abc123"
+    export OS_DOMAIN_NAME="default"
+
+Alternatively, you can use OpenStack application credentials (recommended):
+
+.. code:: bash
+
+    export SOPS_BARBICAN_SECRETS="550e8400-e29b-41d4-a716-446655440000"
+    export OS_AUTH_URL="https://keystone.example.com:5000/v3"
+    export OS_APPLICATION_CREDENTIAL_ID="app-cred-id"
+    export OS_APPLICATION_CREDENTIAL_SECRET="app-cred-secret"
+
+Note: you can use Barbican with other key management services simultaneously.
+
 Then simply call ``sops edit`` with a file path as argument. It will handle the
 encryption/decryption transparently and open the cleartext file in an editor