Luzifer / vault2env

Small utility to transfer fields of a key in Vault into the environment
Apache License 2.0

Command with arguments #1

Closed kakoni closed 5 years ago

kakoni commented 5 years ago

Interesting and useful project, thanks.

When trying to run a command with arguments, vault2env fails =>

vault2env --key=secret/mysql ls -la    
unknown shorthand flag: 'l' in -la

Escaping won't help

vault2env --key=secret/mysql "ls -la"    
FATA[0000] exec: "ls -la": executable file not found in $PATH

Luzifer commented 5 years ago

Just use a double-dash to separate commands:

vault2env --key=... -- ls -la

That's not a function of this tool but of your shell, but it works.

Luzifer commented 5 years ago

Now this is part of the README. Thanks for bringing the lack of documentation about this to my attention! 🙂

kakoni commented 5 years ago

Aah, thanks. Forgot the whole double-dash thing. Perhaps I can use this same issue to ask about another thing:

Let's assume secret/mysql has username and password secrets

If I do something like

vault2env --key=secret/mysql -- curl -u$username:$password -v http://localhost:1234

It doesn't work. Curl reports that

* Server auth using Basic with user ''

so username and password are empty.

(vault2env --key=secret/mysql -- env displays them ok)

Any thoughts?

Luzifer commented 5 years ago

As those values are inserted into the env and your variables are evaluated by the surrounding shell, this does not work as expected. You can wrap the command with another shell as a "workaround" to get it working:

$ vault write secret/example username=myuser password=mypass
Success! Data written to: secret/example

$ vault2env --key=secret/example -- echo "$username:$password"
:

$ vault2env --key=secret/example -- bash -ec 'echo "$username:$password"'
myuser:mypass

Luzifer commented 5 years ago

I've added this as an example to a new wiki page: https://github.com/Luzifer/vault2env/wiki/Usage-Examples (It will get linked in the README soon)

kakoni commented 5 years ago

Oh right, thanks. I was testing shell wrapping with double quotes earlier, vault2env --key=secret/example -- bash -c "echo $username", and this doesn't work. So perhaps that should be noted in the usage examples also.

Thanks for the help, now everything works as it should.
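
The quoting behaviour discussed in this thread, as an added example that is not part of the original issue or of the vault2env project. `fake_vault2env` and `show_argv` are hypothetical helpers: the first uses `env` to inject constructed values so the script runs without Vault, the second prints the argument vector a wrapper would receive.

```shell
#!/bin/sh
# Hypothetical stand-in for `vault2env --key=... -- cmd`: injects two
# constructed fields into the environment of the child command only.
fake_vault2env() { env username=myuser password=mypass "$@"; }

# Print the argument vector a wrapper would receive, one [arg] per item.
show_argv() { printf '[%s]' "$@"; echo; }

# The calling shell has no such variables, as in the thread.
unset username password

# 1. The calling shell expands the variables before the wrapper starts,
#    so the child is handed the already-empty string ":".
expanded_by_caller() { fake_vault2env echo "$username:$password"; }

# 2. Double quotes around the -c script do not help: the caller still
#    expands it, and the inner shell is asked to run `echo :`.
double_quoted_wrapper() { fake_vault2env sh -c "echo $username:$password"; }

# 3. Single quotes pass the text through literally; the inner shell
#    expands it against the environment the wrapper injected.
single_quoted_wrapper() { fake_vault2env sh -ec 'echo "$username:$password"'; }

# 4. Failure mode: if the caller does have variables of the same name,
#    their values are sent instead of the injected ones, without any error.
caller_value_wins() {
    ( username=stale; password=old
      fake_vault2env echo "$username:$password" )
}

echo "argv, double quotes: $(show_argv sh -c "echo $username:$password")"
echo "argv, single quotes: $(show_argv sh -ec 'echo "$username:$password"')"
echo "1 caller expands:    $(expanded_by_caller)"
echo "2 double-quoted -c:  $(double_quoted_wrapper)"
echo "3 single-quoted -c:  $(single_quoted_wrapper)"
echo "4 caller value wins: $(caller_value_wins)"
```

Case 4 is the one to check for in scripts: a same-named variable already set in the calling shell replaces the injected secret in the command line without any error.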