Hacker News

I thought this was solved with SOPS/AGE?


Well, technically SOPS/age are both encryption tools first. Both of them are excellent, mind you. But they lack the user experience, specifically SOPS, with handling keys in a multi-user environment, and subsequently with the overall developer workflow. They do offer a lot more than just accessing environment variables securely though, something that kiln is trying to solve.

At first, I did consider using them instead of building my own tool on top of age. But our requirements were far beyond just encrypting and decrypting files in a single environment.

What kiln adds here is the role-based access control, so you can define multiple files, and users/groups who should be able to access them. It also adds to the developer workflow where you can directly run commands through kiln with the variables injected in the command's shell environment. You can also render templates for all the kiln-encrypted files you have access to.

You can say it's a wrapper over age, but it adds functionality that allows seamless sharing of developer workflows, and environments, all from a single place. It's git-friendly, and primarily aims for your secrets to travel along with the code so all deployments can be done offline (as an alternative to something like Infisical, or Vault). I've tried to make it as simple as possible to adopt for anyone in the team.

The only other best way for me to put it is that you should try it out, and I'm sure it'll be helpful in a lot of ways. If you have any more questions, I'm happy to answer them!



