Unsecure handling with decrypted vaults

adambullmer / sublime_ansible_vault

Ansible vault manipulation in Sublime Text

MIT License

6 stars 2 forks source link

Unsecure handling with decrypted vaults #1

Closed offlinehoster closed 7 years ago

offlinehoster commented 8 years ago

When using decrypt the file is unencrypted written to the disk. If you now make a mistake and save the file by strg+s you will have a plaintext vault file with secrets on your disk.

That's a security bug i think.

The way should be to write this to a temp file or to the mem and edit the file there...and save it back as encrypted file.

adambullmer commented 7 years ago

This functionality is no different than how decrypting and re-encrypting a vault using the ansible CLI works today. The View command will show a temporary in memory file of the contents, however it is not an editable file. (Also still needing to figure out how to set the syntax highlighting on it correctly).

offlinehoster commented 7 years ago

When you save a softlink file on a linux system you only change the destination inode not the softlink inode!

That is a bug!