getsops/sops

"#" in value of key is treated like a comment in ini file after decrypting

zenoweed opened this issue · 4 comments

I have a key pair:

secret = here#there

after encrypting, and then decrypting:

secret = here
;there

How do I keep hashes and other special characters in the value? This does not happen in JSON. I have sops 3.7.3.

Hmm, this seems to be how the INI package that SOPS uses (https://github.com/go-ini/ini/) operates. I've tried a few things (single quotes, double quotes, escape with backslash) and they didn't help...

Ok, now I found https://ini.unknwon.io/docs/howto/work_with_comments (it was not loading for some reason when I tried earlier), and it says that you can use single backticks (`) or triple double quotes (""") to quote text to avoid interpreting ; or # as comments:

foo = `bar#baz`
this = """is;secret"""

After decrypting it will use backticks:

foo = `bar#baz`
this = `is;secret`

While this works, I'm not sure whether this helps with other programs processing the output...

(It would be better to set SpaceBeforeInlineComment to true, or even IgnoreInlineComment to true, but that would be a breaking change...)

Hi @felixfontein. Thanks for replying. Sorry for the delay to get back to you.

foo = `bar#baz` # this works
this = """is;secret""" # this works too

The above code works, but using it with jq:

zenoweed:~/Documents/secretfiles/sopsinvet$ sops -d secret.ini | jc --ini | jq '.secret'
"`he#e`"

This is going to half work, I think. Well, as of now we'll try not to have #s in our credentials.

As for your other advice:

(It would be better to set SpaceBeforeInlineComment to true, or even IgnoreInlineComment to true, but that would be a breaking change...)

Is it possible to toggle these with cli options like a -c or something?

No. These are internal options of the INI library that are not used by SOPS at the moment, and there's no way to use them right now.
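
The truncation discussed in this thread can be caught before encryption. The following is an added example, not code from the thread or from SOPS: a pre-encryption check that reports INI values containing `#` or `;` without the backtick or triple-double-quote quoting, plus helpers to add the quoting and to strip it again for consumers that return it literally (as in the `jc | jq` output above). The function names and the sample file are constructed for illustration, and only `=` is handled as the key/value separator.

```python
# Constructed sample input: an INI file as it might look before `sops -e`.
SAMPLE_INI = '''\
[db]
user = app
secret = here#there
token = `bar#baz`
note = """is;secret"""
; full-line comments are fine
pin = 1234;5678
'''

def is_quoted(value):
    """True if the value is wrapped in backticks or triple double quotes."""
    return (len(value) >= 2 and value[0] == value[-1] == "`") or (
        len(value) >= 6 and value.startswith('"""') and value.endswith('"""'))

def find_unsafe_values(ini_text):
    """Return (line_number, key) for unquoted values containing # or ;.

    Conservative: a quoted value followed by an inline comment is reported too.
    """
    hits = []
    for number, line in enumerate(ini_text.splitlines(), start=1):
        stripped = line.strip()
        # Skip blank lines, full-line comments, section headers, non key/value lines.
        if not stripped or stripped[0] in "#;[" or "=" not in stripped:
            continue
        key, value = (part.strip() for part in stripped.split("=", 1))
        if not is_quoted(value) and any(c in value for c in "#;"):
            hits.append((number, key))
    return hits

def quote_for_sops(value):
    """Wrap a value in backticks so # and ; are not read as comment starts."""
    if "`" in value:
        # Values that themselves contain a backtick are not covered by the thread.
        raise ValueError("value contains a backtick; not handled in this example")
    return "`" + value + "`"

def unquote(value):
    """Strip the quoting for consumers that hand it back as part of the value."""
    if is_quoted(value):
        return value[3:-3] if value.startswith('"""') else value[1:-1]
    return value

if __name__ == "__main__":
    for number, key in find_unsafe_values(SAMPLE_INI):
        print(f"line {number}: value of {key!r} would be cut at # or ;")
```

Running the check in a pre-commit hook or CI step before encrypting means a truncated credential is found at edit time rather than when authentication fails after decryption.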