Open williamhpark opened 1 year ago
A potential solution is to assign FilePasswordFunc
similar to how it's done in the AWS Vault codebase:
func fileKeyringPassphrasePrompt(prompt string) (string, error) {
if password, ok := os.LookupEnv("AWS_VAULT_FILE_PASSPHRASE"); ok {
return password, nil
}
fmt.Fprintf(os.Stderr, "%s: ", prompt)
b, err := term.ReadPassword(int(os.Stdin.Fd()))
if err != nil {
return "", err
}
fmt.Println()
return string(b), nil
}
var keyringConfigDefaults = keyring.Config{
...
FilePasswordFunc: fileKeyringPassphrasePrompt,
...
}
The resultant behaviour of this solution is that after selecting Import into 1Password...
, the terminal will hang until the user inputs a password. If the password matches the one used to encrypt the file, the encrypted file shows as an import candidate. The problem with this at the moment is that I was unable to find a straightforward way to to output a prompt to the terminal through os.Stdout
, something like Encrypted file passphrase:
. Any suggestions on how I can do this?Currently, the terminal just hangs.
If there's currently no good solution for what I just mentioned, a sub-optimal solution could be to assign a dummy function. This way, encrypted file import would not be supported, but at least the long invalid memory address or nil pointer dereference
error is avoided:
FilePasswordFunc: func(s string) (string, error) { return "", nil },
Branch created here: wpark/248-aws-vault-importer-file-error
This approach looks right to me!
Platform or tool
AWS
Desired or expected behavior
aws-vault
using an encrypted file as the backend:aws-vault add file-profile --backend file
op plugin init aws
>Import into 1Password...
You should see
Encrypted file (file-profile)
as one of the import candidates, alongside any other valid import candidates that should show based on where you stored your AWS credentials.Current behavior
You get a long
invalid memory address or nil pointer dereference
error in the terminal, and no import candidates (AWS Vault, file importer) are shown.The error is being triggered when calling
keyring.AvailableBackends()
. The cause is that in thekeyringConfigDefaults
var,FilePasswordFunc
is not currently initialized. Whenkeyring.AvailableBackends()
is called, an attempt is made to accessk.passwordFunc
even though it doesn't exist.Relevant log output
op CLI version
Internal build based off of 2.16.1