Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question about newlines #61

Closed
wmuizelaar opened this issue Sep 23, 2019 · 4 comments
Closed

Question about newlines #61

wmuizelaar opened this issue Sep 23, 2019 · 4 comments

Comments

@wmuizelaar
Copy link
Contributor

wmuizelaar commented Sep 23, 2019
edited
Loading

Hi,

I run into an issue when using berglas locally with berglas exec --local. It seems a newline character is added to the decrypted environment variable, which isn't a part of the originally encrypted secret.

Here is a detailed walkthrough of my testing with this, and a reproduction path:

  • create secret:
$ echo 'testsecretwithoutnewline' | berglas create berglas-wietse/testsecret -  --key projects/berglas-wietse/locations/global/keyRings/berglas/cryptoKeys/berglas-key
Successfully created secret [testsecret] with generation [1569245517544173]
  • Validate it's there:
$ berglas access berglas-wietse/testsecret
testsecretwithoutnewline
  • Validate there is no newline
$ TESTENV=$(berglas access berglas-wietse/testsecret)
$ echo "ONE${TESTENV}TWO"
ONEtestsecretwithoutnewlineTWO
  • Use berglas exec
$ export TESTENV=berglas://berglas-wietse/testsecret
$ berglas exec --local ${SHELL}
$ echo "ONE${TESTENV}TWO"
ONEtestsecretwithoutnewline
TWO

As you can see, in the berglas exec environment, a newline at the end of the secret is suddenly added.
@wmuizelaar
Copy link
Contributor Author

Added info about my environment locally:

$ echo $SHELL
/usr/local/bin/bash
$ /usr/local/bin/bash --version
GNU bash, version 5.0.11(1)-release (x86_64-apple-darwin18.6.0)
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

@sethvargo
Copy link
Member

sethvargo commented Sep 23, 2019
edited
Loading 

echo 'testsecretwithoutnewline'

^ on most operating systems, this actually does include a newline. Usually you need to pass the -n flag to tell echo not to include a newline. Does it reproduce if you use echo -n ...?

@wmuizelaar
Copy link
Contributor Author

You're right, -n could have impact on this. But that doesn't explain the difference between the berglas access and berglas exec output?

When I try to reproduce with -n, I get this response:

echo -n 'testsecretwithoutnewline' | berglas create berglas-wietse/testsecret2 -  --key projects/berglas-wietse/locations/global/keyRings/berglas/cryptoKeys/berglas-key
EOF

berglas is exiting here with exit-code 61. (Note, I'm using the 0.2.0 version, not the master build)

@wmuizelaar
Copy link
Contributor Author

Ok, tested some more, and indeed, the secret is stored including the newline. Silly me :/

@lock lock bot locked as resolved and limited conversation to collaborators Dec 22, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sethvargo @wmuizelaar