segmentio / chamber

CLI for managing secrets
MIT License
2.48k stars 170 forks source link

Bug Importing UPPER_CASE_KEYs #369

Closed pop closed 1 year ago

pop commented 1 year ago

Hello 👋 when using chamber import with keys that are UPPER_CASE chamber is unable to read or delete those values. Here is an example:

$ echo '{"abc": "secretVal", "DEF": "secretVal2"}' | chamber import foo -
Successfully imported 2 secrets
$ chamber list foo
Key     Version         LastModified            User
DEF     1               2023-02-08 14:31:26     arn:aws:sts:: 111111111111:assumed-role/pop
abc     1               2023-02-08 14:31:26     arn:aws:sts:: 111111111111:assumed-role/pop
$ chamber read foo abc    
Key     Value           Version         LastModified            User
abc     secretVal       1               2023-02-08 14:31:26     arn:aws:sts:: 111111111111:assumed-role/pop
$ chamber read foo DEF
Error: Failed to read: secret not found
$ chamber delete foo DEF
Error: secret not found
$ chamber env foo     
export DEF=secretVal2
export ABC=secretVal

The issue is not present with manually chamber write-ing a secret like so:

$ chamber write myservice asdf supersecretvalue
$ chamber read myservice asdf
Key     Value                   Version         LastModified            User
asdf    supersecretvalue        1               2023-02-08 14:30:03     arn:aws:sts:: 111111111111:assumed-role/pop
$ chamber write myservice ASDF supersecretvalue2
$ chamber read myservice ASDF
Key     Value                   Version         LastModified            User
asdf    supersecretvalue2       2               2023-02-08 14:30:26     arn:aws:sts:: 111111111111:assumed-role/pop
$ chamber read myservice asdf                   
Key     Value                   Version         LastModified            User
asdf    supersecretvalue2       1               2023-02-08 14:30:03     arn:aws:sts:: 111111111111:assumed-role/pop

The secrets exist in SSM and can be read just fine with chamber env and added to the environment with chamber exec, but read and delete are broken for just imported UPPER_CASE secrets.

I am using chamber version v2.11.1 with the SSM backend.

I am more than happy to make a PR to attempt to fix the issue if public contributions are welcome and I can get somebody to review the change.

alecjacobs5401 commented 1 year ago

Hey @pop, thanks for reporting!

Looks like this is a duplicate of a few other open issues currently https://github.com/segmentio/chamber/issues/324 https://github.com/segmentio/chamber/issues/160

pop commented 1 year ago

Ah, sounds good. I'll close this out. Wasn't sure if #160 was a feature request or a bug report.

alecjacobs5401 commented 1 year ago

As of https://github.com/segmentio/chamber/releases/tag/v2.12.0, this can now be resolved with

chamber import --normalize-keys

Some more details in the README

This should provide the expected functionality in a non-breaking manner. In a future version, it is likely that this becomes the default behavior

That, combined with the new flag

chamber delete --exact-key

should enable deletion of upper case key values