terraform-provider-pass icon indicating copy to clipboard operation
terraform-provider-pass copied to clipboard

Published 20 hours ago verified publisher icon camptocamp

decrypt pass once before running terraform plan/apply

Open jzielke84 opened this issue 6 years ago • 4 comments
trafficstars

When pass never has decrypted a given store, terraform plan fails with "failed to decrypt" error message. After manually doing a pass ls /path/to/key and enter the GPG password, it works fine.

Maybe a function should be implemented in the terraform data-source doing a pass ls command silently first to make GPG asking for a password once.

jzielke84 avatar Feb 12 '19 14:02 jzielke84

Any plans on this?

jzielke84 avatar Aug 02 '19 08:08 jzielke84

I can't reproduce this...

mcanevet avatar Aug 03 '19 05:08 mcanevet

Maybe it's an OSX specific issue. I'll try to see if this behavior has changed already.

jzielke84 avatar Aug 05 '19 16:08 jzielke84

This might not be fixable within provider. I have a similar issue with other automation that uses pass (on linux). When I run this after logging in, it will fail with a message that a key is not present. For some reason gpg-agent thinks it has no console and refuses to run any form of pinentry. The only thing I can do at that point is stop gpg-agent and run pass from console at least once.

In my case it isn't about decrypting this or the other store, it's about gpg not seeing it's keys because it wasn't launched directly in terminal.

torinthiel avatar Mar 03 '21 14:03 torinthiel

Closing this issue based on the last comment.

yann-soubeyrand avatar Jan 09 '24 09:01 yann-soubeyrand