Skip to content
This repository has been archived by the owner on Jun 2, 2022. It is now read-only.

./test.sh failing #40

Open
stoyle opened this issue Mar 23, 2018 · 15 comments
Open

./test.sh failing #40

stoyle opened this issue Mar 23, 2018 · 15 comments
Labels
bug fixed need testing

Comments

@stoyle
Copy link

stoyle commented Mar 23, 2018
edited
Loading

Hey everyone. This may be a local problem on my machine, but I thought I'd report it anyways, since it seems I am on the latest version on everything.

First tried to go through the example and it failed immediately:

helm secrets dec example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
Decrypting example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
[PGP]	 INFO[0000] Decryption succeeded                          fingerprint=4434EA5D05F10F59D0DF7399AF1D073646ED4927
[SOPS]	 INFO[0000] Data key recovered successfully
Error decrypting tree: Error walking tree: Could not decrypt value: crypto/aes: invalid key size 31
Error: plugin "secrets" exited with error
➜  helm-secrets git:(master) ✗

And then I tried to run test.sh which also failed.

➜  R git clone git@github.com:futuresimple/helm-secrets.git
Cloning into 'helm-secrets'...
remote: Counting objects: 409, done.
remote: Total 409 (delta 0), reused 0 (delta 0), pack-reused 409
Receiving objects: 100% (409/409), 147.13 KiB | 617.00 KiB/s, done.
Resolving deltas: 100% (202/202), done.
➜  R cd helm-secrets
➜  helm-secrets git:(master) brew install sops
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 3 taps (heroku/brew, homebrew/core, caskroom/cask).
==> New Formulae
jthread                                                                                                                                  wp-cli
==> Updated Formulae
erlang ✔                      nginx ✔                       docker                        frugal                        groovyserv                    libswiften                    meson                         pygobject3                    talloc
git ✔                         arx                           docker-completion             gdcm                          gst-python                    libucl                        openrct2                      pytouhou                      unixodbc
heroku ✔                      aws-sdk-cpp                   exploitdb                     gitlab-runner                 lean-cli                      mackup                        osquery                       sdlpop                        vips
heroku/brew/heroku ✔          czmq                          flow                          gom                           libbi                         mat                           parallel                      spigot                        xdot
heroku/brew/heroku-node ✔     diffoscope                    fribidi                       grip                          librealsense                  mbedtls                       pgroonga                      svgcleaner                    zeromq

==> Downloading https://homebrew.bintray.com/bottles/sops-3.0.2.high_sierra.bottle.tar.gz
Already downloaded: /Users/stoyle/Library/Caches/Homebrew/sops-3.0.2.high_sierra.bottle.tar.gz
==> Pouring sops-3.0.2.high_sierra.bottle.tar.gz
🍺  /usr/local/Cellar/sops/3.0.2: 5 files, 16.8MB
➜  helm-secrets git:(master) ./test.sh
+++ Installing helm-secrets plugin
[OK] helm-ecrets plugin installed

+++ Importing private pgp key for projectx
gpg: key AF1D073646ED4927: "helm-secrets-example-projectx <helm-secrets-projectx@example.com>" not changed
gpg: key AF1D073646ED4927: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

+++ Importing private pgp key for projectx
gpg: key 19F6A67BB1B8DDBE: "helm-secrets-example-projecty <helm-secrets-projecty@example.com>" not changed
gpg: key 19F6A67BB1B8DDBE: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

+++ Show helm_vars tree from example
example/helm_vars/
├── .sops.yaml
├── projectX
│   ├── .sops.yaml
│   ├── production
│   │   └── us-east-1
│   │       └── java-app
│   │           ├── secrets.yaml
│   │           └── value.yaml
│   └── sandbox
│       └── us-east-1
│           └── java-app
│               ├── secrets.yaml
│               └── value.yaml
├── projectY
│   ├── .sops.yaml
│   ├── production
│   │   └── us-east-1
│   │       └── java-app
│   │           ├── secrets.yaml
│   │           └── value.yaml
│   └── sandbox
│       └── us-east-1
│           └── java-app
│               ├── secrets.yaml
│               └── value.yaml
├── secrets.yaml
└── values.yaml

14 directories, 13 files

+++ Testing ./example/helm_vars/secrets.yaml
+++ Encrypt and Test


[OK] File properly encrypted
+++ Test if 'Already Encrypted' feature works


[OK] Already Encrypted
+++ View encrypted Test

[PGP]	 INFO[0000] Decryption succeeded                          fingerprint=4434EA5D05F10F59D0DF7399AF1D073646ED4927
[SOPS]	 INFO[0000] Data key recovered successfully

[OK] File decrypted and viewable
+++ Decrypt

[PGP]	 INFO[0000] Decryption succeeded                          fingerprint=4434EA5D05F10F59D0DF7399AF1D073646ED4927
[SOPS]	 INFO[0000] Data key recovered successfully

[OK] File decrypted
+++ Cleanup Test


[OK] Cleanup specified directory


[OK] Cleanup specified .dec file


[OK] Cleanup specified encrypted secret file
+++ Once again Encrypt and Test

[PGP]	 INFO[0000] Encryption succeeded                          fingerprint=4434EA5D05F10F59D0DF7399AF1D073646ED4927
[PGP]	 INFO[0001] Encryption succeeded                          fingerprint=40B6FAEC80FD467E3FE9421019F6A67BB1B8DDBE
[CMD]	 INFO[0001] File written successfully

[OK] File properly encrypted
+++ Testing ./example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
+++ Encrypt and Test


[OK] File properly encrypted
+++ Test if 'Already Encrypted' feature works


[OK] Already Encrypted
+++ View encrypted Test

[PGP]	 INFO[0000] Decryption succeeded                          fingerprint=4434EA5D05F10F59D0DF7399AF1D073646ED4927
[SOPS]	 INFO[0000] Data key recovered successfully
Error decrypting tree: Error walking tree: Could not decrypt value: crypto/aes: invalid key size 31
Error: plugin "secrets" exited with error
[OK] File decrypted and viewable
+++ Decrypt

[PGP]	 INFO[0000] Decryption succeeded                          fingerprint=4434EA5D05F10F59D0DF7399AF1D073646ED4927
[SOPS]	 INFO[0000] Data key recovered successfully
Error decrypting tree: Error walking tree: Could not decrypt value: crypto/aes: invalid key size 31
Error: plugin "secrets" exited with error
General error
➜  helm-secrets git:(master) ✗

So, is it my machine, or is this a bug?

Cheers,
Alf
@stefanthorpe
Copy link

@stoyle did you find out what the cause of the issue was? I'm getting the same results.

@stoyle
Copy link
Author

stoyle commented Apr 9, 2018

No, still failing. But I am using helm-secrets successfully with my own encrypted files. So it works, regardless of this test failure.

@stefanthorpe
Copy link

I upgraded sops to 3.0.3 this seemed to help

@stoyle
Copy link
Author

stoyle commented Apr 28, 2018

Same problem here:

Error: plugin "secrets" exited with error
General error
➜  helm-secrets git:(master) ✗ sops --version
sops 3.0.3 (latest)

helm secrets is working for us, by the way. Just not in this test.

Cheers,
Alf

@caussourd
Copy link

I have the same issue (sops 3.0.3)

@mike10010100
Copy link

This is still occurring for sops 3.0.5. Any updates on this?

@nitrogear
Copy link

Have the same issue. Can anyone explain how to resolve it?

@szibis szibis added the bug label Jul 4, 2018
@marcpalm
Copy link

marcpalm commented Jul 4, 2018

I just tried to get the examples running:

helm secrets dec example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
Decrypting example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
Error decrypting tree: Error walking tree: Could not decrypt value: crypto/aes: invalid key size 31

Maybe this is related? Btw, helm secrets dec example/helm_vars/secrets.yaml works.

Best, Marc

@yujunz
Copy link

yujunz commented Aug 22, 2018

Have the same issue when trying the example

helm secrets dec example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
Decrypting example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
Error decrypting tree: Error walking tree: Could not decrypt value: crypto/aes: invalid key size 31
Error: plugin "secrets" exited with error
  • sops 3.0.5 (latest)
  • helm-secrets 1.3.1

@tarrall tarrall mentioned this issue Oct 9, 2018
Open
@tarrall
Copy link

tarrall commented Oct 9, 2018

Here's a couple more datapoints: the issue happens with plain old sops (not just helm-secrets), and before the upgrade from sops 2.x to sops 3.x, the error wasn't happening:

tarrall@Tarrall <~/gits/helm-secrets>git status
HEAD detached at 98509c7
nothing to commit, working tree clean
tarrall@Tarrall <~/gits/helm-secrets>sops -d example/helm_vars/projectX/production/us-east-1/java-app/secrets.yaml
secret_production_projectx: secret_foo_123
tarrall@Tarrall <~/gits/helm-secrets>git checkout 098df35aabbd4169d0a9569227cef454560e7f86
[...]
tarrall@Tarrall <~/gits/helm-secrets>sops -d example/helm_vars/projectX/production/us-east-1/java-app/secrets.yaml
Error decrypting tree: Error walking tree: Could not decrypt value: crypto/aes: invalid key size 31

Given the timing on that commit, I wonder if it was bitten by getsops/sops#278 ... though mildly surprising that it's not failing for everyone.

If it's that, re-encrypting the examples with a more recent version of sops (e.g. 3.1.1) would be a fix.

@sandywang1982
Copy link
Contributor

Getting the same error with secrets 2.0.0, sops 3.1.1, both are latest.

@sandywang1982 sandywang1982 mentioned this issue Oct 29, 2018
Merged
@jbuettnerbild
Copy link

same with sops 3.2.0

@szibis
Copy link
Contributor

szibis commented Mar 29, 2019

@jbuettnerbild @sandywang1982 @stoyle anyone can check if these issues exist on latest 2.0.1 version from the master?

@stoyle
Copy link
Author

stoyle commented Mar 30, 2019

Looks like it is failing somewhat earlier now. On latest master:

➜  helm-secrets git:(master) sops --version
sops 3.2.0 (latest)
➜  helm-secrets git:(master) ./test.sh
+++ Installing helm-secrets plugin
[OK] helm-secrets plugin installed

+++ Importing private pgp key for projectx
gpg: key AF1D073646ED4927: "helm-secrets-example-projectx <helm-secrets-projectx@example.com>" not changed
gpg: key AF1D073646ED4927: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

+++ Importing private pgp key for projectx
gpg: key 19F6A67BB1B8DDBE: "helm-secrets-example-projecty <helm-secrets-projecty@example.com>" not changed
gpg: key 19F6A67BB1B8DDBE: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

+++ Show helm_vars tree from example
example/helm_vars/
├── .sops.yaml
├── projectX
│   ├── .sops.yaml
│   ├── production
│   │   └── us-east-1
│   │       └── java-app
│   │           ├── secrets.yaml
│   │           └── value.yaml
│   └── sandbox
│       └── us-east-1
│           └── java-app
│               ├── secrets.yaml
│               └── value.yaml
├── projectY
│   ├── .sops.yaml
│   ├── production
│   │   └── us-east-1
│   │       └── java-app
│   │           ├── secrets.yaml
│   │           └── value.yaml
│   └── sandbox
│       └── us-east-1
│           └── java-app
│               ├── secrets.yaml
│               └── value.yaml
├── secrets.yaml
└── values.yaml

14 directories, 13 files

+++ Testing ./example/helm_vars/secrets.yaml
+++ Encrypt and Test
[OK] File properly encrypted
+++ Test if 'Already Encrypted' feature works
[FAIL] Not Encrypted or re-encrypted. Should be already encrypted with no re-encryption.
General error

@sandywang1982
Copy link
Contributor

sandywang1982 commented Apr 1, 2019
edited
Loading

Mine works fine, I have checked out the latest code.

sandy@xxxx:~/helm-secrets$ ./test.sh
+++ Installing helm-secrets plugin
[OK] helm-secrets plugin installed

+++ Importing private pgp key for projectx
gpg: key AF1D073646ED4927: "helm-secrets-example-projectx <helm-secrets-projectx@example.com>" not changed
gpg: key AF1D073646ED4927: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

+++ Importing private pgp key for projectx
gpg: key 19F6A67BB1B8DDBE: "helm-secrets-example-projecty <helm-secrets-projecty@example.com>" not changed
gpg: key 19F6A67BB1B8DDBE: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

+++ Show helm_vars tree from example
example/helm_vars/
├── .sops.yaml
├── projectX
│   ├── .sops.yaml
│   ├── production
│   │   └── us-east-1
│   │       └── java-app
│   │           ├── secrets.yaml
│   │           └── value.yaml
│   └── sandbox
│       └── us-east-1
│           └── java-app
│               ├── secrets.yaml
│               └── value.yaml
├── projectY
│   ├── .sops.yaml
│   ├── production
│   │   └── us-east-1
│   │       └── java-app
│   │           ├── secrets.yaml
│   │           └── value.yaml
│   └── sandbox
│       └── us-east-1
│           └── java-app
│               ├── secrets.yaml
│               └── value.yaml
├── secrets.yaml
└── values.yaml

14 directories, 13 files

+++ Testing ./example/helm_vars/projectX/production/us-east-1/java-app/secrets.yaml
+++ Encrypt and Test
[OK] File properly encrypted
+++ Test if 'Already Encrypted' feature works
[OK] Already Encrypted
+++ View encrypted Test
[OK] File decrypted and viewable
+++ Decrypt
[OK] File decrypted
+++ Cleanup Test
[OK] Cleanup specified directory
[OK] Cleanup specified .dec file
+++ Once again Encrypt and Test
[OK] File properly encrypted
+++ Testing ./example/helm_vars/projectX/sandbox/us-east-1/java-app/secrets.yaml
+++ Encrypt and Test
[OK] File properly encrypted
+++ Test if 'Already Encrypted' feature works
[OK] Already Encrypted
+++ View encrypted Test
[OK] File decrypted and viewable
+++ Decrypt
[OK] File decrypted
+++ Cleanup Test
[OK] Cleanup specified directory
[OK] Cleanup specified .dec file
+++ Once again Encrypt and Test
[OK] File properly encrypted
+++ Testing ./example/helm_vars/projectY/production/us-east-1/java-app/secrets.yaml
+++ Encrypt and Test
[OK] File properly encrypted
+++ Test if 'Already Encrypted' feature works
[OK] Already Encrypted
+++ View encrypted Test
[OK] File decrypted and viewable
+++ Decrypt
[OK] File decrypted
+++ Cleanup Test
[OK] Cleanup specified directory
[OK] Cleanup specified .dec file
+++ Once again Encrypt and Test
[OK] File properly encrypted
+++ Testing ./example/helm_vars/projectY/sandbox/us-east-1/java-app/secrets.yaml
+++ Encrypt and Test
[OK] File properly encrypted
+++ Test if 'Already Encrypted' feature works
[OK] Already Encrypted
+++ View encrypted Test
[OK] File decrypted and viewable
+++ Decrypt
[OK] File decrypted
+++ Cleanup Test
[OK] Cleanup specified directory
[OK] Cleanup specified .dec file
+++ Once again Encrypt and Test
[OK] File properly encrypted
+++ Testing ./example/helm_vars/secrets.yaml
+++ Encrypt and Test
[OK] File properly encrypted
+++ Test if 'Already Encrypted' feature works
[OK] Already Encrypted
+++ View encrypted Test
[OK] File decrypted and viewable
+++ Decrypt
[OK] File decrypted
+++ Cleanup Test
[OK] Cleanup specified directory
[OK] Cleanup specified .dec file
+++ Once again Encrypt and Test
[OK] File properly encrypted

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug fixed need testing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests