search

getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0
17.07k stars 880 forks source link

"#" in value of key is treated like a comment in ini file after decrypting #1597

Open zenoweed opened 2 months ago

zenoweed commented 2 months ago

I have a key pair:

secret = here#there

after encrypting, and then decrypting:

secret = here
;there

How do I keep hashes and other special characters in the value. This does not happen in json. I have sops 3.7.3.

felixfontein commented 2 months ago

Hmm, this seems to be how the INI package that SOPS uses (https://github.com/go-ini/ini/) operates. I've tried a few things (single quotes, double quotes, escape with backslash) and they didn't help...

felixfontein commented 2 months ago

Ok, now I found https://ini.unknwon.io/docs/howto/work_with_comments (it was not loading for some reason when I tried earlier), and it says that you can use single backticks (`) or triple double quotes (""") to quote text to avoid interpreting ; or # as comments:

foo = `bar#baz`
this = """is;secret"""

After decrypting it will use backticks:

foo = `bar#baz`
this = `is;secret`

While this works, I'm not sure whether this helps with other programs processing the output...

(It would be better to set SpaceBeforeInlineComment to true, or even IgnoreInlineComment to true, but that would be a breaking change...)

zenoweed commented 2 months ago

Hi @felixfontein. Thanks for replying. Sorry for the delay to get back to you.

foo = `bar#baz`` # this works
this = """is;secret""" # this works too

The above way code works but using it with jq:

zenoweed:~/Documents/secretfiles/sopsinvet$ sops -d secret.ini | jc --ini | jq '.secret'
"`he#e`"

This is going to half work i think. Well as of now we'll try not to have #s in out credentials.

As for your other advice:

(It would be better to set SpaceBeforeInlineComment to true, or even IgnoreInlineComment to true, but that would be a breaking change...)

Is it possible to toggle these with cli options like a -c or something?

felixfontein commented 2 months ago

As for your other advice:

(It would be better to set SpaceBeforeInlineComment to true, or even IgnoreInlineComment to true, but that would be a breaking change...)

Is it possible to toggle these with cli options like a -c or something?

No. These are internal options of the INI library that are not used by SOPS at the moment, and there's no way to use them right now.