sops
sops copied to clipboard
getsops
Argument order for --decrypt
It took me a while to figure this out, but should argument order matter here? 🤔
$ sops -d secrets.yaml
envSecrets:
deploy-key: 12345
$ sops -d secrets.yaml --extract '["envSecrets"]["deploy-key"]'
envSecrets:
deploy-key: 12345
$ sops -d --extract '["envSecrets"]["deploy-key"]' secrets.yaml
12345
Yeah, this is not ideal and it’s an artifact of the CLI library we use. The file name must go last, essentially, since it’s an argument and not a flag.
This is also not specific to —extract.
On Fri, 20 Dec 2019 at 17:13, Donovan H. [email protected] wrote:
It took me a while to figure this out, but should argument order matter here? 🤔
$ sops -d secrets.yaml
envSecrets:
deploy-key: 12345$ sops -d secrets.yaml --extract '["envSecrets"]["deploy-key"]'
envSecrets:
deploy-key: 12345$ sops -d --extract '["envSecrets"]["deploy-key"]' secrets.yaml
12345
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mozilla/sops/issues/598?email_source=notifications&email_token=AARH4V4CD562MZURFOT6F2LQZTVI3A5CNFSM4J573T22YY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4ICADNBQ, or unsubscribe https://github.com/notifications/unsubscribe-auth/AARH4V5CLEWV2BZAQ5X7MYLQZTVI3ANCNFSM4J573T2Q .
I think this should be detected and fail in case any parameters are passed after the file name.
The reason why: I was also stuck on this for a bit until I realized my parameter order was incorrect. I found this issue since I accidentally used the same order as @heydonovan sops -d secrets.yaml --extract '["envSecrets"]["deploy-key"]'. Since it didn't fail, it took too long assuming maybe my --extract syntax was invalid. Only once you fix the order to sops -d --extract '["envSecrets"]["deploy-key"]' secrets.yaml will it begin to only only extract the specified key, but also notify that the key is valid or not.
Should we open a new issue? Is that a bug or considered expected behavior?
It's the same issue. It's considered a bug, and we definitely will welcome PRs that fix it, but it's a tricky one, since it'll affect lots of things and therefore will require some evidence that nothing was broken because of it.
