Interpolation issues with K8s mutating webhook

Question

Interpolation issues with K8s mutating webhook

SalvaFiorenza8 opened this issue 4 years ago · 3 comments

After creating the mutating webhook using the docs,a secret:

berglas create secrets-bucket/my-secret "foo<bar" --key ${KMS_KEY}

a dockerized application in Flask:

import os
from flask import Flask

app = Flask(__name__)


@app.route('/')
def env_var():
    return f"I have this env var! MY_SECRET={os.getenv('MY_SECRET')}"

and a K8s deployment:

...
          command: ["flask", "run"]
          args: ["--host", "0.0.0.0"]
          env:
            - name: MY_SECRET
              value: berglas://secrets-bucket/my-secret
...

I expect to see in my browser the following message:

I have this env var! MY_SECRET=foo<bar

Instead I see:

I have this env var! MY_SECRET=foo

but if i execute

berglas access secrets-bucket/my-secret

I receive the correct value foo<bar. So I suspect at some point, the webhook is interpolating the characters in the secret, I'm not used to K8s, Cloud Functions or Go yet and haven’t had a chance to check the cause properly. Other char that is also failing to show correctly is $

Answer 1 · 2020-09-18T13:38:15.000Z

Can you view the page source? I suspect your browser is interpreting <bar as the start of an html tag and therefore you don't see it...

Answer 2 · 2020-09-18T14:10:55.000Z

Yeah that's rigth. The value appears at the HTML source. Thanks!

Answer 3 · 2020-10-03T00:56:30.000Z

This issue has been automatically locked since there has not been any
recent activity after it was closed. Please open a new issue for
related bugs.