I'm submitting a ...
What is the current behavior?
Secrets are not detected in (docker compose) yaml files when a top-level entry for a string is present.
This will not detect any secrets:
But changing the first line to `version: 3.8` will:
edit: actually, it's a bit more complex, when removing the `version` value secrets are detected:
Unless you add in something else which is not a mapping to a string:
Changing `environment` from a list of strings to a mapping fixes the issue though:
But then you're no longer able to use docker compose interpolation within the environment variables, which can be a problem if it's being done for some other variables, e.g. the following only works when `environment` is a list of strings, if it's a mapping you can't do this anymore:
Secrets to be detected when a string entry is present before some nested structure.
What is the motivation / use case for changing the behavior?
Please tell us about your environment:
Other information
Problem seems to be with the yaml parser, for the buggy case of `version: "3.8"` the `lines` variable in `detect_secrets.scan:269` is:
So nothing was parsed after that value, which is why the secret isn't found. For the working case of `version: 3.8` it is:
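A structure-independent cross-check for the false negative reported above, as an added example that is not part of the original issue or of detect-secrets: it reads the compose file line by line instead of through a YAML parser, so a quoted top-level string cannot hide later entries, and it covers both the list and the mapping form of `environment` while skipping pure interpolation references. The compose content, the key-name patterns and the function name `find_hardcoded_secrets` are assumptions constructed for illustration.

```python
import re

# Constructed sample (not from the issue): a quoted top-level string ahead of
# the nested services block, with env entries in list form and mapping form.
SAMPLE = '''\
version: "3.8"
services:
  web:
    environment:
      - API_TOKEN=constructed-token-value
      - DB_PASSWORD=${DB_PASSWORD}
      - LOG_LEVEL=${LOG_LEVEL:-info}
  db:
    environment:
      POSTGRES_PASSWORD: "constructed-db-pass"
      POSTGRES_USER: app
'''

SENSITIVE = re.compile(r"pass|secret|token|api_?key", re.I)
# Matches "- KEY=value" (list form) and "KEY: value" (mapping form).
ENTRY = re.compile(r"^\s*(?:-\s+)?[\"']?(\w+)\s*[:=]\s*(.*)$")
# A value that is only a compose interpolation, e.g. ${VAR} or ${VAR:-default}.
INTERPOLATED = re.compile(r"^\$(\{[^}]+\}|[A-Za-z_]\w*)$")


def find_hardcoded_secrets(text):
    """Return (line_number, key) for sensitive keys holding a literal value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # ignore YAML comments
            continue
        match = ENTRY.match(line)
        if not match:
            continue
        key = match.group(1)
        value = match.group(2).strip().strip("\"'")
        if not value or INTERPOLATED.match(value):
            continue  # block header or reference resolved at deploy time
        if SENSITIVE.search(key):
            findings.append((number, key))
    return findings


if __name__ == "__main__":
    for number, key in find_hardcoded_secrets(SAMPLE):
        print(f"line {number}: literal value assigned to {key}")
```

Running a check like this next to the main scanner in CI gives a signal when the two disagree, which is how a silent parser failure of this kind would surface.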