Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Increase --raw readability #874

Open
MatthiasKunnen opened this issue Jun 28, 2022 · 5 comments
Open

Increase --raw readability #874

MatthiasKunnen opened this issue Jun 28, 2022 · 5 comments
Labels
help wanted Feature requests approved by maintainers that are not included in the project roadmap

Comments

@MatthiasKunnen
Copy link

MatthiasKunnen commented Jun 28, 2022

Which component:
kubeseal v0.17.5

Is your feature request related to a problem? Please describe.
The output of --raw when reading from stdin can be confusing in the terminal since the resulting sealed secret is not separated from the input.

Use case explained: to prevent credentials from being stored in .bash_history, I use kubeseal as follows:

me@machine:~$ kubeseal --raw --from-file=/dev/stdin --name api-secret
secret[CTRL+D][CTRLD+D]

this results in

bash

me@machine:~$ kubeseal --raw --from-file=/dev/stdin --name api-secret
secretAgChx0O7SeSnISjeaF8G+/.../ajUGQ=me@machine:~$

zsh

me@machine:~$ kubeseal --raw --from-file=/dev/stdin --name api-secret
secretAgChx0O7SeSnISjeaF8G+/.../ajUGQ=%
me@machine:~$

Now you'll have to be very careful not to accidentally copy the secret before the actual encrypted content and the prompt/percent sign that follows.

Describe the solution you'd like
Either detect tty or add a --human/--formatted/--pretty that adds padding to the commands output.

Suggested output:

me@machine:~$ kubeseal --raw --from-file=/dev/stdin --name api-secret
Enter the secret and end with CTRL+D twice:
top-secret-value-here <-- this gets entered by the user followed by double CTRL+D

Secret:
AgBDtACVq1KlnbTXvEiCXtY+eE8QvuoexnWlPOOXlG+B9mPqPNX+H2qYSskvHdJoB0d6LpfbXDMGGy0p/PnrBdLMkp8UmukCe7rjmPdOvgx2v8b4JgtJvxW39rGVvVoqkDF1mm0BocVrM7L27R5Hbmw/8GQzXoeTrd4V+euoQdFPb/yP5hOCuLI1D69tC+7kNF+TwRSQQ2Pl/niYk5X7CueohF5klrMqtmeK3ZSivaU25ais22ggKSVW3OBjcS3lHnkceFcDwMPJruhfFggySOA9bskZpVFB6SOscMpU0ZkEifRHh6v8NOvGqmNrOni86SxNCVWYZTo6+7Qti1Db4O/sQ2G2fQZKM4VdFce+4LrF/Z6OlfnvYlztiOtutmRVtQy5Hi8NEX5g81UDusouYqtU9ZPnVMTOexzHcglXBW6rBvZfJt1Vg3YXTzqe1DFR6vML9vhTZcXsmasT2RXi3H1z7yCB2nLMEETRJkTBwEsX7V74Khq+PBbk514N7+Fxv+KCHHirnSxyHeZsMfBN9WvoUTMXjVVM8k7EW9h7KnSyreCMj/Cl8wUq9bH8ORo+gK+Tg5ayB6eMhqNYcHoBsIbMGB53ESUqBkh00HuTWESuoWecPxONQ6FXM6NDN/I+6zraeGkaBj++4zy1nNaHXskO5MEPYcUEi4VmgxiBAd3fNgjRQYenv2EpLiepx/t3Nno7XKc=
me@machine:~$ kubeseal --raw --from-file=/dev/stdin --name api-secret

Describe alternatives you've considered
I have made a small bash script that accomplishes this:

#!/usr/bin/env bash

echo "Enter the secret and end with CTRL+D twice:"
STDIN=$(cat)

echo -e "\n\nSecret:"
echo -n "$STDIN" | kubeseal --raw --from-file=/dev/stdin "$@"
echo ""

It can be used like this ./seal.sh --name api-secrets

@github-actions github-actions bot added the triage Issues/PRs that need to be reviewed label Jun 28, 2022
@alvneiayu alvneiayu added enhancement backlog Issues/PRs that will be included in the project roadmap and removed triage Issues/PRs that need to be reviewed enhancement backlog Issues/PRs that will be included in the project roadmap labels Jun 30, 2022
@alvneiayu
Copy link
Collaborator

hi @MatthiasKunnen

First of all, thanks a lot for opening an issue for this request. We have two different options to solve this problem:

  1. Include the '\n' printing the output in the --raw flag. This is going to generate a really big impact for the users. If they have scripts using the flag, we are going to change the behavior.
  2. Include a new flag for padding the output (as you suggested). We are trying to control the flags that we are including in our commands. As you can see, we have a lot of options already included and we need to be carefully to include new ones. We can not overload the commands with a lot of flags, this will reduce the usability.

As you said, with one bash script you can control and fix the problem. So, I think that the impact of this request will be really high and you can avoid it using a bash script as you shared.

Again thanks a lot for sharing your script to solve the problem. It will be really helpful for the community. Unfortunately, we think that this request will generate more impact than benefits.

Álvaro

@MatthiasKunnen
Copy link
Author

MatthiasKunnen commented Jul 4, 2022

Hi @alvneiayu, thank you for your response!

Regarding 2, I understand your hesitance to adding more flags though it has to be weighed against users having to maintain their own scripts to process kubeseal output.

If they have scripts using the flag, we are going to change the behavior.

There is actually a way to prevent behavior change for users that use --raw from scripts/pipes AND pad the result when human readability is preferred.

The script below only pads the output when a terminal is attached.

#!/usr/bin/env bash

if [ -t 1 ]; then
    echo -n "Output: "
fi

echo "content"

Examples:
Difference in output between terminal and non-terminal

This behavior is consistent with ansible-vault. If a terminal is detected, helpful instructions are printed:
ansible-vault handling terminals

@github-actions
Copy link
Contributor

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

@github-actions github-actions bot added the Stale label Jul 20, 2022
@alvneiayu
Copy link
Collaborator

hi @MatthiasKunnen

We are open to receive PR, I will be really happy to review it. So, I invite you to send a PR with a possible solution to this.

Thanks a lot

Álvaro

@alvneiayu alvneiayu added help wanted Feature requests approved by maintainers that are not included in the project roadmap and removed Stale labels Jul 20, 2022
@MatthiasKunnen
Copy link
Author

Thank you for considering it! I'd love to make a PR but I cannot promise to accomplish this in the short term due to limited time and lack of experience with Go. I'll add it to my todo list and hope that I will get to it sooner rather than later.

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
help wanted Feature requests approved by maintainers that are not included in the project roadmap
Projects
None yet
Development

No branches or pull requests

2 participants