Don't mess with new lines too much
ewjoachim opened this issue · 2 comments
ewjoachim commented
ping @tyoras
- When a secret doesn't contain a new line, it's probably good to strip it from all whitespace characters before saving it, and when displaying it with
--text
, we can add a trailing new line - When a secret contains a newline (let's say it's a multi-line secret), we should not mess with it: no stripping input, and displaying as-is.
Need:
- There are tools that don't like multi-line secrets (a.k.a certs) that don't have a final new line.
tyoras commented
There is a workaround for the second case:
- if the multi-line secret looks like this:
line1
line2
line3
- make it a
yaml
file by wrapping the content like this:
---
|
line1
line2
line3
...
- and finally it can be saved to the vault as a yaml that preserves the final newline:
cat multi_line_secret.yml | vault set --yaml --stdin my_secret_key