strong-config check not recognising secrets in yml object structure
Closed this issue · 5 comments
Hi,
I am testing strong-config in a test project of mine but I have problems with `strong-config check`:
Strong-config recognises the following code as having an unencrypted secret:

```yaml
api.url: https://test.com
api.apiSecret: top-secret
```

This config is not recognised:

```yaml
api:
  url: https://test.com
  apiSecret: top-secret
```

Am I missing something or is this a bug?
Hey @wolframhaussig,
thanks for trying out strong-config!
Unfortunately, I wasn't able to look at your issue in-depth yet, busy week.
It's totally possible that this is a legitimate issue as we haven't tested the dot-syntax (`api.url`) yet.
Just to confirm, though:

```yaml
api:
  url: https://test.com
  apiSecret: top-secret
```

⬆️ If you run `strong-config check` on this file, it does throw an error, right?
Hey @chapati23 ,
Thank you for your response.
> If you run strong-config check on this file, it does throw an error, right?

Basically, it is the other way round. I have added 2 simple examples for you:
failed.yml
works.yml
Using the dot-notation works while the object notation does not:

```
D:\tmp>strong-config check
√ No secrets found in config\failed.yml, no encryption required.
× Secrets in config\works.yml are NOT encrypted 🚨
× Not all secrets are encrypted
```

I've pushed up a PR that should fix this @wolframhaussig. PR review and therefore merge may be a bit slow due to Christmas but feel free to check out the PR for now, should work fine: #45
Problem was that we didn't recursively search the entire config object for secrets but only the top-level.
@chapati23 I have just tested your fix and it works like a charm!
cool, it's also released on npm as 0.2.52 now :)
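
The root cause named in the thread (only the top level of the config object was searched for secrets) can be reproduced with the sketch below, which is an added example and not strong-config's own code or part of the original thread. It assumes a key counts as a secret when its name ends in `Secret` and that encrypted values start with `ENC[`; both rules, all function names and the sample objects are constructed for illustration.

```javascript
// Added illustration; not strong-config's source code.
// Assumption: a key is a secret when its name ends in "Secret" (like `apiSecret`).
// Assumption: an encrypted value is a string starting with "ENC[" (hypothetical marker).
const isSecretKey = (key) => key.endsWith('Secret');
const isEncrypted = (value) => typeof value === 'string' && value.startsWith('ENC[');

// Behaviour described in the thread before the fix: only top-level keys are inspected,
// so a secret nested under `api:` is never seen and the check passes silently.
function findPlaintextSecretsTopLevel(config) {
  return Object.entries(config)
    .filter(([key, value]) => isSecretKey(key) && !isEncrypted(value))
    .map(([key]) => key);
}

// Recursive walk over nested objects and arrays; returns the path to every
// secret key whose scalar value is not encrypted.
function findPlaintextSecrets(node, path = []) {
  if (node === null || typeof node !== 'object') return [];
  return Object.entries(node).flatMap(([key, value]) => {
    const here = [...path, key];
    const isLeaf = typeof value !== 'object';
    const hit = isSecretKey(key) && isLeaf && !isEncrypted(value) ? [here.join(' > ')] : [];
    return [...hit, ...findPlaintextSecrets(value, here)];
  });
}

// Constructed sample data: the two YAML files from the thread as parsed objects.
// Dot notation yields one flat key named "api.apiSecret"; object notation nests it.
const dotNotation = { 'api.url': 'https://test.com', 'api.apiSecret': 'top-secret' };
const objectNotation = { api: { url: 'https://test.com', apiSecret: 'top-secret' } };
// Constructed: an encrypted nested secret plus a plaintext secret inside an array.
const mixed = {
  db: { passwordSecret: 'ENC[constructed-ciphertext]' },
  services: [{ name: 'billing', tokenSecret: 'plain-value' }],
};

for (const [name, cfg] of Object.entries({ dotNotation, objectNotation, mixed })) {
  console.log(name, {
    topLevelOnly: findPlaintextSecretsTopLevel(cfg),
    recursive: findPlaintextSecrets(cfg),
  });
}
```

The silent pass on the object-notation file is the dangerous direction of this bug: a check that misses a plaintext secret lets it reach version control, so a regression test for the checker should include nested and array-contained secrets.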