sops icon indicating copy to clipboard operation
sops copied to clipboard

Published 20 hours ago verified publisher icon getsops

Writing encrypted output to same file causes crash

Open christhegrand opened this issue 2 years ago • 0 comments

I have a secrets YML file I want to encrypt. If I run this encryption command from the command line, sops prints out the encrypted data successfully:

Chriss-MacBook-Pro:Backend GOOGLE_APPLICATION_CREDENTIALS=Deploy/Terraform/stage/xxx-Staging.json sops --encrypt --gcp-kms projects/xxx-staging/locations/us-west1/keyRings/xxx-key-ring/cryptoKeys/xxx-crypto-key

If I run this instead and try to write the encrypted version of the data back to the same file, this error occurs:

Chriss-MacBook-Pro:Backend GOOGLE_APPLICATION_CREDENTIALS=Deploy/Terraform/stage/xxx-Staging.json sops --encrypt --gcp-kms projects/xxx-staging/locations/us-west1/keyRings/xxx-key-ring/cryptoKeys/xxx-crypto-key Deploy/Kubernetes/secrets/stage.enc.yml > Deploy/Kubernetes/secrets/stage.enc.yml
panic: runtime error: index out of range [0] with length 0

goroutine 1 [running]:
main.encrypt({{0x1c2afd0, 0xc0004f9410}, {0xa4652d8, 0x225d1e0}, {0xa4652d8, 0x225d1e0}, {0xc000160640, 0x47}, {0xc00043d000, 0x1, ...}, ...})
        /private/tmp/sops-20220311-22333-2wflpl/sops-3.7.2/cmd/sops/encrypt.go:68 +0x634
main.main.func8(0xc00018ef20)
        /private/tmp/sops-20220311-22333-2wflpl/sops-3.7.2/cmd/sops/main.go:788 +0xa38
gopkg.in/urfave/cli%2ev1.HandleAction({0x190c3a0, 0x1aa8f70}, 0x27)
        /Users/brew/Library/Caches/Homebrew/go_mod_cache/pkg/mod/gopkg.in/urfave/[email protected]/app.go:490 +0x5a
gopkg.in/urfave/cli%2ev1.(*App).Run(0xc0003d16c0, {0xc000136000, 0x5, 0x5})
        /Users/brew/Library/Caches/Homebrew/go_mod_cache/pkg/mod/gopkg.in/urfave/[email protected]/app.go:264 +0x5e6
main.main()
        /private/tmp/sops-20220311-22333-2wflpl/sops-3.7.2/cmd/sops/main.go:987 +0x3699

Writing to a different file works successfully:

GOOGLE_APPLICATION_CREDENTIALS=Deploy/Terraform/stage/xxx-Staging.json sops --encrypt --gcp-kms projects/xxx-staging/locations/us-west1/keyRings/xxx-key-ring/cryptoKeys/xxx-crypto-key Deploy/Kubernetes/secrets/stage.enc.yml > Deploy/Kubernetes/secrets/stage.yml

I am on sops version 3.7.2 on MacOS 11.6.

christhegrand avatar Apr 12 '22 17:04 christhegrand