[BUG] The Vault action fails if the secret key contains a dot
AlexandarNaydenov opened this issue · 6 comments
Vault server version
Vault 1.14.3 enterprise
vault-action version
v2.7.4
Describe the bug
The Vault Action fails if the secret key contains a dot.
Example: secret.token
To Reproduce
The yaml of the vault-action step:
steps:
  - name: Get Secrets from Vault
    uses: hashicorp/vault-action@v2
    with:
      url: https://vault...
      namespace: some-namespace
      secrets: |
        kv/data/path/secret secret_token | SECRET_TOKEN1 ;
        kv/data/path/secret secret.token | SECRET_TOKEN2 ;
The first example with secret key secret_token works without problem, but the second one fails with an error log:
::error::Unable to retrieve result for data.data.secret.token. No match data was found. Double check your Key or Selector.
Screenshot of the Vault UI:
Expected behavior
To work with both secret keys.
Hi @AlexandarNaydenov ! I am sorry you are having trouble. Can you try to use single quotes around the key?
secrets: |
  kv/data/path/secret 'secret.token' | SECRET_TOKEN1 ;
I believe that should allow proper handling of the dot character.
I am dealing with a similar issue but with a space character instead of a dot.
secrets: |
  kv/data/path/secret 'secret token' | SECRET_TOKEN1 ;
Should this work, or are spaces not allowed in the name of the secret token?
Should I make a new ticket for this? Or should they have the same fix? (I've tried wrapping it in single quotes as you recommended above but that didn't seem to work; curious if it will for '.')
Hi @mourtallah, @fairclothjm,
I have tried both "secret.token" and 'secret.token' and it didn't work. The error is still the same.
According to the JSONata docs, the correct character for quoting is the backtick.
Have you tried:
`secret.token`
and
`secret token`
?
This works for me by enclosing the key within square brackets.
secrets: |
  kv/data/path/secret [secret.token] | SECRET_TOKEN1 ;
Closing since @andyspiers's link to the JSONata docs seems to resolve the issue. https://docs.jsonata.org/simple
Field references containing whitespace or reserved tokens can be enclosed in backticks
Please reopen an issue if you are still encountering trouble.
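
The resolution above, as an added example that is not part of the original thread and is not vault-action or jsonata code: a simplified model of how a dotted selector such as data.data.secret.token from the error log is walked one field at a time, and how backtick quoting keeps a key containing a dot or a space as a single field. The response object is constructed sample data, and splitPath and select are hypothetical helper names.

```javascript
// Constructed sample: shape of a Vault KV v2 read response whose keys
// include one with a dot and one with a space.
const response = {
  data: { data: { "secret_token": "aaa", "secret.token": "bbb", "secret token": "ccc" } },
};

// Split a selector into field names on ".", except inside backticks.
// Simplified model of JSONata field references, not the jsonata library.
function splitPath(selector) {
  const steps = [];
  let current = "";
  let quoted = false;
  for (const ch of selector) {
    if (ch === "`") { quoted = !quoted; continue; }
    if (ch === "." && !quoted) { steps.push(current); current = ""; continue; }
    current += ch;
  }
  if (quoted) throw new Error("unterminated backtick in selector: " + selector);
  steps.push(current);
  return steps;
}

// Walk the object one field at a time; undefined means "no match",
// which is the condition the action reports as "No match data was found".
function select(obj, selector) {
  let node = obj;
  for (const step of splitPath(selector)) {
    const isObject = node !== null && typeof node === "object";
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, step)) return undefined;
    node = node[step];
  }
  return node;
}

// Unquoted: looks for field "secret", then field "token" inside it.
console.log(splitPath("data.data.secret.token"), select(response, "data.data.secret.token"));
// Backtick-quoted: "secret.token" is one field name.
console.log(splitPath("data.data.`secret.token`"), select(response, "data.data.`secret.token`"));
```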