Closed wmuizelaar closed 5 years ago
Added info about my environment locally:
$ echo $SHELL
/usr/local/bin/bash
$ /usr/local/bin/bash --version
GNU bash, version 5.0.11(1)-release (x86_64-apple-darwin18.6.0)
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
echo 'testsecretwithoutnewline'
^ on most operating systems, this actually does include a newline. Usually you need to pass the -n
flag to tell echo
not to include a newline. Does it reproduce if you use echo -n ...
?
You're right, -n
could have impact on this. But that doesn't explain the difference between the berglas access
and berglas exec
output?
When I try to reproduce with -n
, I get this response:
echo -n 'testsecretwithoutnewline' | berglas create berglas-wietse/testsecret2 - --key projects/berglas-wietse/locations/global/keyRings/berglas/cryptoKeys/berglas-key
EOF
berglas is exiting here with exit-code 61. (Note, I'm using the 0.2.0 version, not the master build)
Ok, tested some more, and indeed, the secret is stored including the newline. Silly me :/
Hi,
I run into an issue when using berglas locally with
berglas exec --local
. It seems a newline character is added to the decrypted environment variable, which isn't a part of the originally encrypted secret.Here is a detailed walkthrough of my testing with this, and a reproduction path:
create secret:
Validate it's there:
Validate there is no newline
Use berglas exec
As you can see, in the berglas exec environment, a newline at the end of the secret is suddenly added.