Some programs (in this case, Chef `knife`) expect the file extension to reflect the data type of the file.
When performing `sops exec-file --filename tmp.json --no-fifo my-role.json 'knife role from file {}'`, `knife` breaks because the file name is not `tmp.json`, as requested, but something along the lines of `/private/var/folders/vy/_x8ql9xb6ehd634h9q00000gn/T/.sops2839518645/tmp.json3758396011`.
In my opinion, there is no real benefit for sops to essentially randomize the extension, as the whole path is essentially security by obscurity anyhow and adding one more unnecessary "layer" to it won't prevent shell globbing from catching the file name anyway.
When using a FIFO (default), the temporary file name is as expected, with no random suffix appended to the file name.
Thanks.
Interestingly this behavior was kept when #761 got implemented, whose aim was "Some tools (e.g. Terraform) require the right file extension to recognize the file type."
My guess is that it's OK to keep the random extension if `--filename` isn't specified, but it definitely shouldn't use a random extension in case `--filename` is specified.
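
The reported name `tmp.json3758396011` matches how Go's `os.CreateTemp` treats a pattern with no `*` (the random string is appended after the extension); that sops builds the name this way is an assumption drawn from the path in the report. The following is an added example, not sops code: `tempName` shows that behaviour, and the hypothetical helper `writeExact` keeps the requested name exactly by relying on a fresh owner-only directory for isolation instead of a random suffix.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// tempName returns the base name os.CreateTemp picks for pattern: the random
// string replaces the last "*", or is appended to the end when there is none.
func tempName(dir, pattern string) (string, error) {
	f, err := os.CreateTemp(dir, pattern)
	if err != nil {
		return "", err
	}
	defer f.Close()
	return filepath.Base(f.Name()), nil
}

// writeExact (hypothetical helper) writes data to a file called exactly name
// inside a fresh private directory; the caller removes that directory after use.
func writeExact(name string, data []byte) (string, error) {
	if name == "." || name == ".." || name != filepath.Base(name) {
		return "", fmt.Errorf("%q is not a bare file name", name)
	}
	dir, err := os.MkdirTemp("", ".example-") // random name, mode 0700
	if err != nil {
		return "", err
	}
	path := filepath.Join(dir, name)
	// The directory is new and owner-only, so nothing can pre-exist at path.
	if err := os.WriteFile(path, data, 0o600); err != nil {
		os.RemoveAll(dir)
		return "", err
	}
	return path, nil
}

func main() {
	p, err := writeExact("tmp.json", []byte(`{"name": "constructed"}`))
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(filepath.Dir(p))
	a, _ := tempName(filepath.Dir(p), "tmp.json")
	e, _ := tempName(filepath.Dir(p), "tmp-*.json")
	fmt.Println(a, e, p)
}
```
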