AGresvig
commented
8 years ago +1. This would be very handy indeed!
Closed jifeon closed 7 years ago
AGresvig
commented
8 years ago +1. This would be very handy indeed!
jifeon
commented
8 years ago @joker1007 should YAML_VAULT_SIGN_PASSPHRASE help me?
joker1007
commented
8 years ago I 'm sorry for late response.
yaml_vault can set salt correctly.
it is caused by different reason that all encrypted line is changed by re-encoding file.
This encryption is based on ActiveSupport::MessageEncryptor.
And ActiveSupport::MessageEncryptor use OpenSSL random initial vector.
This initial vector cannot change by public API. initial vector is always different value on each time.
I don't want to monkey patch to ActiveSupport::MessageEncryptor, and so this probrem is inevitable.
But, each initial vector has no relation. Because of it, If you want to change only one line, you can copy the line from re-encoded file to current encoded file. You can decrypt this file by same passphrase and same salt correctly.
Please forgive a little bit of effort.
jifeon
commented
7 years ago btw implemented https://github.com/plyo/node-yaml-vault to solve the issue. We intensively use node.js, so it's pure node.js solution. Maybe will be useful for somebody with same problems.
We keep encoded files in git, when I change one decoded line and re-encode a file all the hashes are changed. It's not useful to review a diff with a lot of fake changes. Can I set the salt somehow to get the same output for the same input?