getsops / sops

Simple and flexible tool for managing secrets
https://getsops.io/
Mozilla Public License 2.0

sops encrypt will encrypt with a broken configuration file, leading to no master key being saved #479

Closed ajvb closed 1 month ago

ajvb commented 5 years ago

sops -e will run with a broken config (only when the creation_rule is a map, - blah: works, -blah doesn't) and not save a master key.

$ cat .sops.yaml 
creation_rules:
  - blah:
$ cat foo.yaml 
foo: bar
$ sops -e foo.yaml 
foo: ENC[AES256_GCM,data:qVOZ,iv:z+vaqV+xcNzghECBO4Cv6zv+wY8ROAAiCFQTzVZB+KU=,tag:R5KV4+Ioke1mtH+2SAuu9g==,type:str]
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    lastmodified: '2019-06-11T21:54:58Z'
    mac: ENC[AES256_GCM,data:zo2uiTvpVZyP1C+q5g4YQw52MpvRKKZ9bjtSrCPUptSwKgo9G3VGLbvgkqHBqvAkXWxgSR+JLgl2iZLr5Jur1tUDsFEMxd2++8cbpgpCDKUVG6/WMlfxIROyvZKteyyZokwWaspVe5vxpMAdCO7BavwmmOwaRvnp5f+Dq7vDJ3k=,iv:9HsScdpvTCm7DAtVtdOfZ6fYp4J8kO8L9qzKxF6hs5Q=,tag:UnoQYfGhC0K1GPG6zjGgTQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.2.0

Interesting edge case. Tested on both 3.2.0 and 3.3.1

ajvb commented 5 years ago

Discovered by typoing - key_groups: as - keygroups:
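
A guard for the failure reported in this thread, as an added example that is not part of the issue or of sops' own code: it reads sops-encrypted YAML and reports whether any master-key list in the `sops:` metadata is populated, so a CI step can reject output like the one above. `master_key_counts`, `has_master_key` and `BROKEN` are hypothetical names, and the `hc_vault`, `age` and `key_groups` fields come from the sops file format rather than from this page.

```python
# Master-key lists in the `sops:` metadata block. The first four appear in the
# report's output; the other three are further sops metadata fields (assumption).
MASTER_KEY_FIELDS = {"kms", "gcp_kms", "azure_kv", "pgp", "hc_vault", "age", "key_groups"}

def master_key_counts(encrypted_yaml):
    """Count list items per master-key field. Assumes block-style YAML as sops writes it."""
    counts, in_sops = {}, False
    # child_indent: indent of the children of `sops:`; item_indent: indent of "-" markers
    child_indent = field = item_indent = None
    for raw in encrypted_yaml.splitlines():
        text = raw.strip()
        indent = len(raw) - len(raw.lstrip(" "))
        if not text:
            continue
        if indent == 0:  # a top-level key starts or ends the metadata block
            in_sops, child_indent, field = text == "sops:", None, None
            continue
        if not in_sops:
            continue
        if child_indent is None:
            child_indent = indent
        if text.startswith("-"):
            if field is not None:
                if item_indent is None:
                    item_indent = indent
                if indent == item_indent:  # deeper dashes are nested data, e.g. armor lines
                    counts[field] += 1
            continue
        if indent == child_indent:
            key, _, value = text.partition(":")
            field = item_indent = None
            if key in MASTER_KEY_FIELDS:
                counts[key] = 0
                if not value.strip():  # "key:" with "-" items on the following lines
                    field = key
    return counts

def has_master_key(encrypted_yaml):
    """False when every key list is empty, as in the report's output."""
    return any(n > 0 for n in master_key_counts(encrypted_yaml).values())

# Constructed sample: the report's metadata shape, ciphertext replaced by a placeholder.
BROKEN = """foo: ENC[AES256_GCM,data:PLACEHOLDER,type:str]
sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    pgp: []
    version: 3.2.0
"""
```

Running `has_master_key` on each encrypted file before it is committed catches the case where nothing can ever decrypt the data key.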