Perform a base64 decode on secret before saving to disk

[hongkongkiwi]

Suggestion for a really useful feature that would make my life easier.

I have a DER encoded certificate which is encoded as base64 that I'm storing in the cloud.

It would be really great to have a flag which gets novops to run a base64 decode on the object after downloading it to get it back to a binary file (obviously this is only really appropriate when the secret is put into a file, not an environment variable).

This allows binary files to be used as secrets in various cases. I imagine this is also useful when dealing with encrypted blobs when the end device handles decryption.

[PierreBeucher]

That's an interesting use case ! To make this more generic, how about a kind of "post-processing" so it can be base64 decode or something else, such as:

environments:
  dev:
    variables:
      - name: MY_B64_VAR
        value: ZGVjb2RlLW1lCg== 
        postprocess:
          base64decode: 

I'm not sure about the postprocess, but an option like this on the item itself seems a possible way of implementing this.

[hongkongkiwi]

Yes, postprocess could work here. I guess having an option for other postprocess could be good, that could lead into having local decryption too easy enough as it's just another postprocessor.