Browse Source

Strip by default in tools/encrypt_secret

Trailing whitespace (newlines) in secrets is almost
never what people want, but it's easy to leave them in
and then wind up with hard to debug issues. Switch the
defaut - make a new option "--no-strip" that will disable
the behavior.

Change-Id: I46947e38807b55e5cc3bacc060f5d41a63b564b8
changes/08/714508/3
Monty Taylor 1 year ago
parent
commit
17a437dcee
2 changed files with 14 additions and 3 deletions
  1. +8
    -0
      releasenotes/notes/strip-encrypt-secret-87b06dc887312117.yaml
  2. +6
    -3
      tools/encrypt_secret.py

+ 8
- 0
releasenotes/notes/strip-encrypt-secret-87b06dc887312117.yaml View File

@ -0,0 +1,8 @@
---
upgrade:
- |
The default behavior of the ``tools/encrypt_secret.py``
helper script is now to strip incoming input of leading
and trailing whitespace. A new ``--no-strip`` option
has been added to support people with secrets that contain
valid leading or trailing whitespace.

+ 6
- 3
tools/encrypt_secret.py View File

@ -56,8 +56,11 @@ def main():
default=None,
help="The name of the Zuul tenant. This may be "
"required in a multi-tenant environment.")
parser.add_argument('--strip', action='store_true', default=False,
help="Strip whitespace from beginning/end of input.")
parser.add_argument('--strip', default=None,
help='Unused, kept for backward compatibility.')
parser.add_argument('--no-strip', action='store_true', default=False,
help="Do not strip whitespace from beginning or "
"end of input.")
parser.add_argument('--infile',
default=None,
help="A filename whose contents will be encrypted. "
@ -119,7 +122,7 @@ def main():
plaintext = sys.stdin.read()
plaintext = plaintext.encode("utf-8")
if args.strip:
if not args.no_strip:
plaintext = plaintext.strip()
pubkey_file = tempfile.NamedTemporaryFile(delete=False)


Loading…
Cancel
Save