[BUG] The Vault action fails if the secret key contains a dot #504

Closed
AlexandarNaydenov opened this issue Nov 17, 2023 · 6 comments
Labels
bug Something isn't working

Comments

@AlexandarNaydenov

Vault server version

Vault 1.14.3 enterprise

vault-action version

v2.7.4

Describe the bug

The Vault Action fails if the secret key contains a dot.
Example: secret.token

To Reproduce

The yaml of the vault-action step:

    steps:
      - name: Get Secrets from Vault
        uses: hashicorp/vault-action@v2
        with:
          url: https://vault...
          namespace: some-namespace
          secrets: |
            kv/data/path/secret secret_token | SECRET_TOKEN1 ;
            kv/data/path/secret secret.token | SECRET_TOKEN2 ;

The first example with secret key secret_token works without a problem, but the second one fails with an error log:

::error::Unable to retrieve result for data.data.secret.token. No match data was found. Double check your Key or Selector.

Screenshot of the Vault UI:

Screenshot 2023-11-17 at 17 08 05

Expected behavior

To work with both secret keys.

@AlexandarNaydenov AlexandarNaydenov added the bug Something isn't working label Nov 17, 2023
@fairclothjm
Contributor

Hi @AlexandarNaydenov ! I am sorry you are having trouble. Can you try to use single quotes around the key?

          secrets: |
            kv/data/path/secret 'secret.token' | SECRET_TOKEN1 ;

I believe that should allow proper handling of the dot character.

@mourtallah

mourtallah commented Nov 18, 2023

I am dealing with a similar issue but with a space character instead of a dot.

      secrets: |
        kv/data/path/secret 'secret token' | SECRET_TOKEN1 ;

Should this work, or are spaces not allowed in the name of the secret token?
Should I make a new ticket for this? Or should they have the same fix? (I've tried wrapping it in single quotes as you recommended above, but that didn't seem to work; curious if it will for '.'.)

@AlexandarNaydenov
Author

Hi @mourtallah, @fairclothjm,
I have tried both "secret.token" and 'secret.token' and it didn't work. The error is still the same.

@andyspiers

According to the JSONata docs, the correct character for quoting is the backtick

Have you tried:

`secret.token`

and

`secret token`

?

@quang-do-se

quang-do-se commented Feb 14, 2024

This works for me by enclosing the key within square brackets.

secrets: |
  kv/data/path/secret [secret.token] | SECRET_TOKEN1 ;

@fairclothjm
Contributor

Closing since @andyspiers's link to the JSONata docs seems to resolve the issue. https://docs.jsonata.org/simple

Field references containing whitespace or reserved tokens can be enclosed in backticks

Please reopen an issue if you are still encountering trouble.
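
The quoting rule cited in this thread, shown as an added example that is not part of the original issue, of vault-action's code, or of the jsonata library: a simplified path walker in which an unquoted dot separates steps and backticks keep a field name whole. The function names `splitSelector` and `select`, the `sampleResponse` object and its dummy values are assumptions made for illustration; the `data.data.` prefix is taken from the error message in the report.

```javascript
// Simplified model of JSONata field references (not the jsonata library):
// a dot separates path steps, and backticks quote one field name verbatim.
function splitSelector(selector) {
  const steps = [];
  let current = '';
  let quoted = false;
  for (const ch of selector) {
    if (ch === '`') {
      quoted = !quoted;          // enter or leave a quoted field name
    } else if (ch === '.' && !quoted) {
      steps.push(current);       // an unquoted dot ends the current step
      current = '';
    } else {
      current += ch;
    }
  }
  if (quoted) throw new Error('unterminated backtick in selector');
  steps.push(current);
  return steps;
}

// Walk the steps through a parsed response; undefined means "no match".
function select(response, selector) {
  let node = response;
  for (const step of splitSelector(selector)) {
    const isObject = node !== null && typeof node === 'object';
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, step)) {
      return undefined;
    }
    node = node[step];
  }
  return node;
}

// Constructed KV v2 read response; key names follow the issue, values are dummies.
const sampleResponse = {
  data: {
    data: {
      secret_token: 'dummy-value-1',
      'secret.token': 'dummy-value-2',
      'secret token': 'dummy-value-3',
    },
  },
};

for (const key of ['secret_token', 'secret.token', '`secret.token`', '`secret token`']) {
  const selector = `data.data.${key}`;
  console.log(selector, '->', select(sampleResponse, selector) ?? 'no match');
}
```
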
