Secure keyring storage doesn't work with KeepassXC

Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

https://infisical.com

Other

15.01k stars 851 forks source link

Secure keyring storage doesn't work with KeepassXC #2236

Open Real-Gecko opened 1 month ago

Real-Gecko commented 1 month ago

Describe the bug

When using KeepassXC Freedsktop.org Service integration feature infisical-cli is unable to get secrets during infisical init

To Reproduce

Steps to reproduce the behavior:

Setup KeepassXC as your default system keyring
Use infisical login to login to your server
Navigate to project and run infisical init
Observe error: failed to fetch creditnals from keyring because [err=something went wrong, failed to retrieve value from system keyring [error=org.freedesktop.Secret.Error.IsLocked]]

Expected behavior

Retreive credintials from KeepassXC

Platform you are having the issue on:

Arch Linux

Additional context

Looks like known problem with go-keyring https://github.com/cli/cli/issues/8691 https://github.com/zalando/go-keyring/issues/88

maidul98 commented 1 month ago

This has been resolved in CLI version v0.27.0. Can you please confirm?

Real-Gecko commented 1 month ago

Alas no: I've deleted Infisical record from DB and retried everything from scratch, after login a new record is successfully created, but init still fails

maidul98 commented 1 month ago

Can you please run the following command infisical vault set file --passphrase <your-passphrase> and try again?

Real-Gecko commented 1 month ago

maidul98 commented 1 month ago

Hey @Real-Gecko , the previous release of the CLI did not include the change. Please update the CLI once more please

Real-Gecko commented 1 month ago

But there's definitely a progress, DB was locked when I issued command, and keepass asked confirmation for request. However result is not positive yet.

maidul98 commented 1 month ago

You will need to reset the cli by running infisical reset then try again

Real-Gecko commented 1 month ago

realgecko@rog-strix ~/W/O/f/backend (master)> infisical reset
Reset successful
realgecko@rog-strix ~/W/O/f/backend (master)> infisical login
✔ Self Hosting
✔ Domain: ***********█

To complete your login, open this address in your browser: ***********/login?callback_port=40353 

Once login is completed via browser, the CLI should be authenticated automatically.
However, if browser fails to communicate with the CLI, please paste the token from the browser below.

Token: Browser login successful
>>>> Welcome to Infisical! You are now logged in as *********** <<<< 

Quick links
- Learn to inject secrets into your application at https://infisical.com/docs/cli/usage
- Stuck? Join our slack for quick support https://infisical.com/slack
realgecko@rog-strix ~/W/O/f/backend (master)> infisical init
error: we couldn't find your logged in details, try running [infisical login] then try again
Unable to get your login details

If this issue continues, get support at https://infisical.com/slack
realgecko@rog-strix ~/W/O/f/backend (master) [1]>

When I run infisical reset record disappears from DB, when I run infisical login it appears after successful login, but result is still the same.

AlanD20 commented 3 weeks ago

Hey! I stumbled upon this issue from one of my related issues. Looks like the go-keyring for this cli project is not using the go-keyring-v0.2.5. This issue was fixed at https://github.com/zalando/go-keyring/releases/tag/v0.2.5.