DopplerHQ / cli

The official CLI for interacting with your Doppler secrets and configuration.
https://docs.doppler.com
Apache License 2.0

[BUG] `doppler run` Fails to Mount Ephemeral Secret File on Mac #397

Closed Kynson closed 1 year ago

Kynson commented 1 year ago

Describe the bug

TL;DR: Running `doppler run --mount .env -- <my dev command>`. Yet, doppler failed with error `Doppler Error: write /Users/path/to/env/.env: broken pipe` when the file gets read by my development script.

Note: I was trying to mount the file in a directory which is synchronised with iCloud Drive.

To Reproduce

  1. Go to any directory on your Mac that is synchronised with iCloud Drive (probably the ~/Documents directory or its subdirectories)
  2. Run `doppler run --mount .env -- zsh` (zsh is for demo, so we can read the file using `cat`)
  3. Run `cat .env`
  4. The error occurs and the TTY crashes

Logs:

```
Debug: Using config dir /Users/<username>/.doppler
Debug: Using config file /Users/<username>/.doppler/.doppler.yaml
Debug: Reading config file
Debug: Skipping CLI upgrade check due to disallowed command
Debug: Retrieving token from system keyring
Debug: Sending anonymous analytics payload: '{"command":"doppler.run"}'
Debug: Performing HTTP POST to https://cli.doppler.com/v1/analytics
Debug: Using metadata file /Users/<username>/.doppler/fallback/.metadata-<uuid>.json
Debug: Reading metadata file /Users/<username>/.doppler/fallback/.metadata-<uuid>.json
Debug: Performing HTTP GET to https://api.doppler.com/v3/configs/config/secrets/download?config=dev&format=json&include_dynamic_secrets=true&project=<my-proj>
Debug: Request ID <uuid>
Debug: Using cached secrets from fallback file
Debug: Using fallback file for cache /Users/<username>/.doppler/fallback/.secrets-<uuid>.json
Debug: Decrypting cache file
Debug: Parsing encrypted file version 4
Debug: PBKDF2 key derivation used 500000 rounds and took 241 ms
Debug: Detected env format
Debug: Using env format
Debug: Mounting secrets to /Users/path/to/env/.env
% cat .env
Debug: Secrets mount opened by reader
DEV_TOKEN="<REDACTED>"
DEV_TOKEN_HASH="<REDACTED>"
DEV_TOKEN_SALT="<REDACTED>"
DOPPLER_CONFIG="dev"
DOPPLER_ENVIRONMENT="dev"
DOPPLER_PROJECT="<REDACTED>"
WEB_HOOK_URL="<REDACTED>"%
% Debug: Secrets mount opened by reader
Unable to mount secrets file
Doppler Error: write /Users/path/to/env/.env: broken pipe

zsh: error on TTY read: Input/output error
%
Saving session...
zsh: error on TTY read: Input/output error

Saving session...
...copying shared history...
...saving history...
...saving history...truncating history files...rm: /Users/<username>/.zsh_sessions/C5948F23-6D50-48C0-B029-D8238EF1B305.historynew: No such file or directory
truncating history files...
...completed.

...completed.

[Process completed]
```

Expected behavior

The file should mount correctly

Desktop (please complete the following information):

CLI Version: Version: v3.60.1

Additional context

Piccirello commented 1 year ago

This does indeed appear to be a limitation of directories managed by iCloud and not likely something we can address in code. I would recommend mounting secrets outside of directories synced to iCloud.
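Added example, not part of the original thread and not Doppler's code: one way to apply the recommendation above is to check the mount target before calling `doppler run --mount`. The `SYNCED_ROOTS` list and the function names are assumptions for illustration; which directories iCloud actually syncs depends on the machine's settings.

```shell
#!/bin/sh
# Added example: pre-flight check for a `doppler run --mount` target path.
# Assumption: these are the directories iCloud Drive syncs on this machine
# (colon-separated). Adjust SYNCED_ROOTS to match your setup.
SYNCED_ROOTS="${SYNCED_ROOTS:-$HOME/Library/Mobile Documents:$HOME/Documents:$HOME/Desktop}"

# Print the physical (symlink-free) path of directory $1; fail if it is missing.
resolve_dir() {
  ( cd "$1" 2>/dev/null && pwd -P )
}

# Return 0 if the file path $1 would be created in or under a synced root,
# 1 if not, 2 if its parent directory does not exist.
is_under_synced_root() {
  dir=$(resolve_dir "$(dirname "$1")") || return 2
  old_ifs=$IFS; IFS=:
  for root in $SYNCED_ROOTS; do
    root_real=$(resolve_dir "$root") || continue
    # Trailing slash keeps /x/Documents from matching /x/DocumentsOld.
    case "$dir/" in
      "$root_real"/*) IFS=$old_ifs; return 0 ;;
    esac
  done
  IFS=$old_ifs
  return 1
}

# Print a usable mount path: $1 itself when it is outside every synced root,
# otherwise the same file name inside a fresh private temporary directory.
safe_mount_path() {
  if is_under_synced_root "$1"; then
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/doppler-mount.XXXXXX") || return 1
    printf '%s/%s\n' "$tmp" "$(basename "$1")"
  else
    printf '%s\n' "$1"
  fi
}

# Usage (the command must then read the printed path instead of ./.env):
#   mount_path=$(safe_mount_path .env)
#   doppler run --mount "$mount_path" -- zsh
```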

Kynson commented 1 year ago

Understood, in this case I will go ahead and close this. May I know whether Doppler would consider mentioning this limitation in the documentation?

Thanks!

Piccirello commented 1 year ago

Definitely! I've added a note about this to our Secrets Access Guide.