Comments (6)
Hi.
Check that
- secret-oxidixed-id-rsa.pub.yml is actually encrypted (it should contain `# kubesec:v:4`)
- `kubesec --version` where you are trying to `kubesec decrypt` is >= `kubesec --version` when secret was encrypted.
from kubesec.
Hi,
Thanks for the quick reply, I figured out the issue; it happens when I add the encrypted file to my gitlab repository:
- Create a new secret.yml file.
- kubesec encrypt --key=aws:arn:aws:kms:us-west-1:000000000000:key/00000000-0000-0000-0000-000000000000 secret.yml
- commit and push secret.yml to gitlab repository
- git clone gitlab repository in a new folder
- kubesec decrypt gives the error.
Something happens with the file, the MD5 hash of the locally created file and git cloned file are different. Not sure what git(lab) does and if this also happens with github.
md5sum secret.yml
fe456c002f07b37edd5234ec7d10ad45 *secret.yml
md5sum secret.yml
cfc92c6bb9ccd7ee21ce2916132ff7d0 *secret.yml
from kubesec.
Here is an example btw:
apiVersion: v1
data:
  id_rsa.pub: 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
kind: Secret
metadata:
  name: secret-oxidized-id-rsa-pub
type: Opaque
When you kubesec encrypt this, commit it to a repo, then pull it to another folder then you can't decrypt it anymore. Perhaps this is a git issue with very long lines?
from kubesec.
Any chance you have .gitattributes with newline normalization? https://help.github.com/en/articles/dealing-with-line-endings
from kubesec.
I don't have one, I did use kubesec on Windows. Should I try it?
from kubesec.
I've encountered the same issue, and it was caused by EOL.
The git-committed secrets.enc.yaml was LF, but the cloned one was CRLF.
I can avoid the issue by changing the file EOL to LF and using .gitattributes to specify the file EOL.
from kubesec.
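The thread traces the failure to LF being turned into CRLF on checkout. The following is an added example, not part of the thread and not kubesec's own code: it checks whether two copies of an encrypted file differ only in line endings, which would explain an md5sum mismatch like the one above. The sample file content and all function names are constructed for illustration; `text eol=lf` is a standard `.gitattributes` setting.

```python
import hashlib

# Constructed sample standing in for a kubesec-encrypted Secret (LF endings,
# as committed). The ciphertext value is a placeholder, not real output.
COMMITTED = (
    b"apiVersion: v1\n"
    b"data:\n"
    b"  id_rsa.pub: PLACEHOLDER-CIPHERTEXT\n"
    b"kind: Secret\n"
    b"# kubesec:v:4\n"
)

def md5(data: bytes) -> str:
    """Same digest md5sum prints; used only to compare copies."""
    return hashlib.md5(data).hexdigest()

def eol_counts(data: bytes) -> dict:
    """Count CRLF, bare LF and bare CR line endings."""
    crlf = data.count(b"\r\n")
    return {"crlf": crlf,
            "lf": data.count(b"\n") - crlf,
            "cr": data.count(b"\r") - crlf}

def simulate_crlf_checkout(data: bytes) -> bytes:
    """What a checkout with LF -> CRLF conversion leaves in the work tree."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")

def diagnose(committed: bytes, checked_out: bytes) -> str:
    """Classify the difference between the committed and the cloned copy."""
    if committed == checked_out:
        return "identical"
    if committed.replace(b"\r\n", b"\n") == checked_out.replace(b"\r\n", b"\n"):
        return "eol-only"          # bytes changed, content did not
    return "content-differs"       # something other than line endings changed

def gitattributes_rule(pattern: str) -> str:
    """Line for .gitattributes that pins matching files to LF on checkout."""
    return f"{pattern} text eol=lf"

if __name__ == "__main__":
    cloned = simulate_crlf_checkout(COMMITTED)
    print(md5(COMMITTED), eol_counts(COMMITTED))
    print(md5(cloned), eol_counts(cloned))
    print(diagnose(COMMITTED, cloned))
    print(gitattributes_rule("*.enc.yaml"))
```

To apply it to real files, read both copies with `open(path, "rb").read()` so that Python does not translate line endings itself.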