On 14. 04. 22 14:54, Johannes Altmanninger wrote:
> On Thu, Apr 14, 2022 at 02:19:10PM +0200, Daniel Mach wrote:
>> On 14. 04. 22 13:50, Johannes Altmanninger wrote:
>>> On Thu, Apr 14, 2022 at 01:26:47PM +0200, Daniel Mach wrote:
>>>> SaltStack strips leading/trailing whitespaces from the password [1],
>>>> because pass adds a newline when entering passwords interactively.
>>> SaltStack is removing too much. They should use the equivalent of
>>> pass_show_output.removesuffix("\n").
>> That's right. I'm planning to address this by sending a pull-request to
>> SaltStack.
> Good
>
>> On the other hand, if you store a multiline/binary password in pass, it can
>> end with a newline, which still would end as an invalid password in
>> SaltStack.
> It sounds like you're suggesting that there is a flaw in pass that prevents
> you from storing arbitrary data. I fail to see such a flaw.  Just make
> sure to add the trailing newline when you insert into the password store
> and remove the same newline when you read from it.
>
> (of course "pass generate" and "pass insert" will add the newline automatically)

Adding the trailing newline is certainly doable, but far from convenient. If pass is used by several admins to manage the secrets, they all need to know about adding the newline. I was simply hoping for a code change so nobody has to think of this special case.

I take it that my patch is not aligned with project best practices and I will either somehow enforce the trailing newline or use a special prefix to distinguish between base64 encoded content and plain text.
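
The two ways of reading an entry that this thread compares, run over constructed secrets. This is an added example, not code from pass, SaltStack or either poster: the function names and sample values are made up, and pass itself is not invoked (the stored bytes are modelled directly).

```python
# Added illustration: models the bytes a reader receives from the password
# store instead of calling pass. All names and sample values are constructed.

def store_with_newline(secret: bytes) -> bytes:
    """Convention from the thread: the entry is the secret plus one newline."""
    return secret + b"\n"

def store_raw(secret: bytes) -> bytes:
    """Entry written without the added newline (the case raised in the thread)."""
    return secret

def read_strip(output: bytes) -> bytes:
    """Reader that strips all leading and trailing whitespace."""
    return output.strip()

def read_removesuffix(output: bytes) -> bytes:
    """Reader that removes exactly one trailing newline, if there is one."""
    return output.removesuffix(b"\n")  # bytes.removesuffix needs Python 3.9+

# Constructed sample secrets: plain, whitespace-padded, multiline, binary.
SAMPLES = [
    b"hunter2",
    b"  padded passphrase ",
    b"line1\nline2\n",
    b"\x00\x01binary\n",
]

def round_trip_failures(store, read):
    """Return the samples that do not survive store followed by read."""
    return [s for s in SAMPLES if read(store(s)) != s]

if __name__ == "__main__":
    cases = [
        ("newline added, strip()", store_with_newline, read_strip),
        ("newline added, removesuffix", store_with_newline, read_removesuffix),
        ("raw entry, removesuffix", store_raw, read_removesuffix),
    ]
    for label, store, read in cases:
        print(f"{label}: corrupted = {round_trip_failures(store, read)}")
```

Only the pairing of "add one newline on insert" with "remove one newline on read" returns every sample unchanged; the raw-entry case loses the final newline of the multiline and binary samples.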
