-
Notifications
You must be signed in to change notification settings - Fork 437
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kamal secrets extract
JSON parse error on shell escaped secrets
#1007
Comments
I'm not really a Ruby dev, so this might be an inappropriate solution, but Chat GPT helped me devise this alternative implementation of desc "extract", "Extract a single secret from the results of a fetch call"
option :inline, type: :boolean, required: false, hidden: true
def extract(name, secrets)
unescaped_secrets = Shellwords.shellsplit(secrets).first
parsed_secrets = JSON.parse(unescaped_secrets)
... If |
Even with my little hack above, something was not working right. I attempted to continue by switching
I confirmed in my Django shell that the SECRET_KEY setting was set to that long raw value. My best guess is that not doing the command substitution was also why my For completeness, here is my
|
Thanks for the report @mblayman! This worked ok when you specified the |
Ok that approach won't work, the problem is that the #1009 adds a |
Ran into the same issue. FWIW, this is my current workaround in
|
@blvrd, yeah, I ended up doing the same thing and used the 1password CLI directly just like you did. |
@blvrd Thanks for posting your solution. I just burned about 45 knocking my head against this trying to figure out the escape error. |
Hi!
I'm trying to use the new secret helpers from Kamal 2 to manage secrets for my project. I tried to follow the style listed in the secrets documentation under "Environment variables", but I'm running into a problem with shell escaping.
I think what is happening is that the raw secrets JSON data is getting to the Ruby parsing code with the shell escape characters still intact. Parsing fails because the JSON parser doesn't accept the backslashes.
I tried to do some
puts
debugging in theextract
method oflib/kamal/cli/secrets.rb
to confirm what was going into theJSON.parse
call. You can see from my output below that the shell escape characters are still present.I attempted this on bash and zsh to try to rule out differences in shells.
Is there supposed to be a different way to invoke
kamal secrets fetch
orkamal secrets extract
?Thanks for the help! I hope this bug report is useful. Please let me know if y'all need any other info.
The text was updated successfully, but these errors were encountered: