ShipitSmarter / vscode-sops-edit

Extension to make editing of SOPS encrypted files easier
MIT License

dotenv file decryption does not work properly #15

Closed technodrome closed 1 year ago

technodrome commented 1 year ago

Hi,

.sops.yaml:

creation_rules:
  - path_regex: '(\.env)$'

Given a .env file with common K/V pairs, I see an Encrypt button. However, when pressed, no temporary file is created or opened and the only way to decrypt the file is manually. On top of that, a notification pops up: Could not parse file .env as yaml or json

Even though the extension encrypts the file, it seems it also tries to parse the file as JSON, fails and stops there so no temporary file is emitted. I didn't go through the code so not sure whether this feature is missing or it is just a bug.

Please note the emitted encrypted dotenv files should be called .enc.env, not the other way around, due to this "feature" (I'd say a bug): https://github.com/mozilla/sops/issues/404#issuecomment-444906254

Environment:

Version: 1.79.0-insider (Universal)
Commit: 2575777b9d3cdb865d61f9f1dfaac1fea9e1bde6
Date: 2023-05-12T05:23:47.826Z (3 days ago)
Electron: 22.5.2
Chromium: 108.0.5359.215
Node.js: 16.17.1
V8: 10.8.168.25-electron.0
OS: Darwin x64 22.4.0
Sandboxed: Yes

bvanderhorn commented 1 year ago

Hi @technodrome,

Designed functioning of the extension here is as follows:

Please let me know if this answers your questions, or if I misunderstood you!

Thanks in advance, Bram

bvanderhorn commented 1 year ago

Hi @technodrome,

We tested with .env and .ini files and noticed that indeed the extension did not detect correctly if they are encrypted or not. Also, the mentioned notification about a file being parseable as yaml or json confuses more than it informs, and will be removed.

We expect a fix to be deployed later this week.

technodrome commented 1 year ago

Hi Bram,

If I open an encrypted dotenv file, I expect to see a "Decrypt" button. Which is not the case, so the extension's behavior is buggy/inconsistent. Upon opening an encrypted file, one would expect to see a button to decrypt. However, what I see is yet another "Encrypt" button, which will cause double encryption. This clearly is not expected behavior.

.tmp.env copy for you. This will only happen if it already was encrypted on opening the file.

This is not happening either. Upon opening a previously encrypted dotenv file, no .tmp.env file is created.

Thanks for the update.
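
Added example, not part of the thread and not code from vscode-sops-edit: one way to decide whether a dotenv file is already SOPS-encrypted before offering an Encrypt or Decrypt action, which is the detection the comments above report as failing for .env files. It assumes that SOPS dotenv output keeps its metadata in `sops_`-prefixed keys (including `sops_mac`) and stores encrypted values as `ENC[AES256_GCM,...]` strings; all function names and the sample files are constructed for illustration.

```typescript
// Added example, not code from vscode-sops-edit. All names are hypothetical.
// Assumption: SOPS dotenv output stores its metadata as `sops_`-prefixed keys
// (including `sops_mac`) and encrypted values as ENC[AES256_GCM,...] strings.
type SopsState = "encrypted" | "plaintext" | "inconsistent";

const B64 = "[A-Za-z0-9+/=]+";
const ENC_VALUE = new RegExp(
  "^ENC\\[AES256_GCM,data:" + B64 + ",iv:" + B64 + ",tag:" + B64 + ",type:[a-z]+\\]$");

// Minimal KEY=VALUE reader: skips blank lines, comments and lines without a key.
function parseDotenv(text: string): Array<[string, string]> {
  const pairs: Array<[string, string]> = [];
  text.split(/\r?\n/).forEach(function (raw: string) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (line === "" || line.charAt(0) === "#" || eq <= 0) return;
    pairs.push([line.slice(0, eq).trim(), line.slice(eq + 1).trim()]);
  });
  return pairs;
}

function classifyDotenv(text: string): SopsState {
  let hasMac = false;
  let encValues = 0;
  parseDotenv(text).forEach(function (pair: [string, string]) {
    const key = pair[0];
    const value = pair[1];
    if (key === "sops_mac") hasMac = true;
    else if (key.indexOf("sops_") !== 0 && ENC_VALUE.test(value)) encValues++;
  });
  if (hasMac) return "encrypted";            // metadata present: offer Decrypt
  if (encValues === 0) return "plaintext";   // nothing encrypted: offer Encrypt
  return "inconsistent";                     // ENC[...] values but no metadata
}

// Offering no action for "inconsistent" files avoids encrypting ciphertext again.
function offeredAction(text: string): "Encrypt" | "Decrypt" | null {
  const state = classifyDotenv(text);
  return state === "plaintext" ? "Encrypt" : state === "encrypted" ? "Decrypt" : null;
}

// Constructed sample files (values are placeholders, not real SOPS output).
const PLAIN = "# db settings\nDB_USER=app\nDB_PASS=example\n";
const ENC = "ENC[AES256_GCM,data:Zm9v,iv:YmFy,tag:YmF6,type:str]";
const ENCRYPTED = "DB_USER=" + ENC + "\nDB_PASS=" + ENC + "\nsops_mac=" + ENC + "\nsops_version=0.0.0\n";
const TRUNCATED = "DB_USER=" + ENC + "\nDB_PASS=" + ENC + "\n";
```

A file is treated as encrypted on the presence of `sops_mac` alone rather than on every value being `ENC[...]`, so files that legitimately keep some values in plaintext are not offered a second Encrypt.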