Bug Importing UPPER_CASE_KEYs
pop opened this issue ยท 3 comments
Hello ๐ when using chamber import
with keys that are UPPER_CASE chamber is unable to read or delete those values. Here is an example:
$ echo '{"abc": "secretVal", "DEF": "secretVal2"}' | chamber import foo -
Successfully imported 2 secrets
$ chamber list foo
Key Version LastModified User
DEF 1 2023-02-08 14:31:26 arn:aws:sts:: 111111111111:assumed-role/pop
abc 1 2023-02-08 14:31:26 arn:aws:sts:: 111111111111:assumed-role/pop
$ chamber read foo abc
Key Value Version LastModified User
abc secretVal 1 2023-02-08 14:31:26 arn:aws:sts:: 111111111111:assumed-role/pop
$ chamber read foo DEF
Error: Failed to read: secret not found
$ chamber delete foo DEF
Error: secret not found
$ chamber env foo
export DEF=secretVal2
export ABC=secretVal
The issue is not present with manually chamber write
-ing a secret like so:
$ chamber write myservice asdf supersecretvalue
$ chamber read myservice asdf
Key Value Version LastModified User
asdf supersecretvalue 1 2023-02-08 14:30:03 arn:aws:sts:: 111111111111:assumed-role/pop
$ chamber write myservice ASDF supersecretvalue2
$ chamber read myservice ASDF
Key Value Version LastModified User
asdf supersecretvalue2 2 2023-02-08 14:30:26 arn:aws:sts:: 111111111111:assumed-role/pop
$ chamber read myservice asdf
Key Value Version LastModified User
asdf supersecretvalue2 1 2023-02-08 14:30:03 arn:aws:sts:: 111111111111:assumed-role/pop
The secrets exist in SSM and can be read just fine with chamber env
and added to the environment with chamber exec
, but read
and delete
are broken for just imported UPPER_CASE secrets.
I am using chamber version v2.11.1
with the SSM backend.
I am more than happy to make a PR to attempt to fix the issue if public contributions are welcome and I can get somebody to review the change.
Ah, sounds good. I'll close this out. Wasn't sure if #160 was a feature request or a bug report.
As of https://github.com/segmentio/chamber/releases/tag/v2.12.0, this can now be resolved with
chamber import --normalize-keys
Some more details in the README
This should provide the expected functionality in a non-breaking manner. In a future version, it is likely that this becomes the default behavior
That, combined with the new flag
chamber delete --exact-key
should enable deletion of upper case key values