Closed metacoma closed 5 years ago
Thanks!
Because this is evaluated at compile time, you won't be able to base64 encode a secret like that.
Consider using instead
echo -n "dockerhub_password" | kapitan secrets -vvv--write gpg:me/dockerhub/password --base64 -t common -f -
And removing the base64encode filter.
@ramaro @metacoma ... so am I reading this correctly, there is NO way to store the password raw and only render it to be base64? One has to store it in base64 if one needs it to be base64 in the templated files?
Not fully, You can use the reveal function to get a secret and then base64 it with jinja or whatever you want. See example here: https://github.com/deepmind/kapitan/blob/master/examples/kubernetes/inventory/classes/component/mysql.yml
@frittentheke to answer directly to your question: that's correct, at the moment there's no way to store the same password raw and only render it to be base64. You will have to create 2 secrets for the same password with different encodings.
Describe the bug/feature Wrong b64encode behavior with secrets parameters in jinja2 templating
To Reproduce Steps to reproduce the behavior:
inventory/targets/bug
with content:templates/dockerhub.txt
content:kapitan compile -t bug --reveal
cat compiled/bug/data/dockerhub.txt
Expected behavior
cat compiled/bug/data/dockerhub.txt
b64encode function in jinja2 filter caclulate b64sum from '?{gpg:me/dockerhub/password}' value instead of 'dockerhub_password'