gopass
gopass copied to clipboard
gopasspw
Inserting a key to a plain secret does not work
Summary
When inserting a key to a secret which is in plain format, the key is not inserted, but it doesn't error out.
This is a problem since it can cause data loss.
To reproduce
gopass config mime false
echo "and\nmore" | gopass insert test
gopass config mime true
gopass show test
echo "ahah" | gopass insert test lol
gopass show test
We have lost the value ahah for the key lol without any error.
Notice this works as it should when using mime set to true. But this won't work if the secret was created while mime was set to false, or using pass/another pw store.
This seems caused by the fact that the function Set from plain is called, which only works if it is called using the key "password"...
Yes, this sounds like something we need to fix. At the moment Set() does not return anything, so we'd need to change to in order to be able to properly error out.
I propose to push this to 1.11 when we'll change the way we handle secrets again.
This is somewhat corrected after #1681 and #1665 but it currently displays with parsing enabled:
and
lol: ahah
more
Even if insert -a is used.
And I think we would rather expect to get:
and
more
lol: "ahah"
with the data appended at the end, no?
And with parsing disabled it says:
Error: failed set key "lol" of "test": "not supported for PLAIN"
Todo:
- [ ] Create a test case to reproduce it/check it
- [ ] Create a code path to "transform" a plain secret into a YAML secret with the existing password and body of the plain secret when someone is adding a key to one.
Store.Set() was changed to return an error and Plain.Set() now always returns an error.
I'm note quite sure what you want to test in the proposed test case. Maybe you could try to take care of that or elaborate how it should look like.
The Plan type is gone and it's relacement (AKV) does support inserting keys.