Can Kubernetes Applications read the encrypted files created by SOPs or do they need to be decrypted before usage?

[Plus3IT-Azure]

Hello, the title pretty much explains everything. A K8s secret can be pulled via a K8s deployment yaml file, i'm curious if I can leave the K8s secret yaml encrypted (via SOPs) or does it need to be unencrypted for my deployment to read the data in the file?