Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"#" in value of key is treated like a comment in ini file after decrypting #1597

Open
zenoweed opened this issue Sep 6, 2024 · 4 comments
Open

"#" in value of key is treated like a comment in ini file after decrypting #1597

zenoweed opened this issue Sep 6, 2024 · 4 comments

Comments

@zenoweed
Copy link

zenoweed commented Sep 6, 2024

I have a key pair:

secret = here#there

after encrypting, and then decrypting:

secret = here
;there

How do I keep hashes and other special characters in the value. This does not happen in json. I have sops 3.7.3.
@felixfontein
Copy link
Contributor

Hmm, this seems to be how the INI package that SOPS uses (https://github.com/go-ini/ini/) operates. I've tried a few things (single quotes, double quotes, escape with backslash) and they didn't help...

@felixfontein
Copy link
Contributor

Ok, now I found https://ini.unknwon.io/docs/howto/work_with_comments (it was not loading for some reason when I tried earlier), and it says that you can use single backticks (`) or triple double quotes (""") to quote text to avoid interpreting ; or # as comments:

foo = `bar#baz`
this = """is;secret"""

After decrypting it will use backticks:

foo = `bar#baz`
this = `is;secret`

While this works, I'm not sure whether this helps with other programs processing the output...

(It would be better to set SpaceBeforeInlineComment to true, or even IgnoreInlineComment to true, but that would be a breaking change...)

@zenoweed
Copy link
Author

Hi @felixfontein. Thanks for replying. Sorry for the delay to get back to you.

foo = `bar#baz`` # this works
this = """is;secret""" # this works too

The above way code works but using it with jq:

zenoweed:~/Documents/secretfiles/sopsinvet$ sops -d secret.ini | jc --ini | jq '.secret'
"`he#e`"

This is going to half work i think. Well as of now we'll try not to have #s in out credentials.

As for your other advice:

(It would be better to set SpaceBeforeInlineComment to true, or even IgnoreInlineComment to true, but that would be a breaking change...)

Is it possible to toggle these with cli options like a -c or something?

@felixfontein
Copy link
Contributor

As for your other advice:

(It would be better to set SpaceBeforeInlineComment to true, or even IgnoreInlineComment to true, but that would be a breaking change...)

Is it possible to toggle these with cli options like a -c or something?

No. These are internal options of the INI library that are not used by SOPS at the moment, and there's no way to use them right now.

This was referenced Sep 13, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@felixfontein @zenoweed