Summon has examples of unofficial "provider wrappers" somewhere (e.g. gopass) #149
Comments
Hmm... this would be a tricky thing to do since that would require a different API for just this one specific "provider" (I'm using the term loosely here since it's not a native summon provider). I almost feel like this would be very easy to solve on the client side by making a simple

Add this content to a file

```bash
#!/bin/bash -e
set -o pipefail

# Strips the last `/` and everything after it, leaving the entry path
var_path="${1%/*}"
if [[ "$var_path" == "" ]]; then
  # Errors go to stderr so they are never mistaken for the secret value
  echo "Missing variable path!" >&2
  exit 1
fi

# Only returns the item after last `/`
secret_id="${1##*/}"
if [[ "$secret_id" == "" ]] || [[ "$secret_id" == "$var_path" ]]; then
  echo "Missing secret ID path!" >&2
  exit 1
fi

# Print the value of the `secret_id: value` line from the entry
if ! gopass show "${var_path}" | grep "^${secret_id}: " | awk '{$1=""; print substr($0,2)}'; then
  echo "Could not find '$secret_id' in '$var_path'!" >&2
  exit 1
fi
```

Edit: in your |
Here a similar attempt with an
Maybe it would be worth documenting these "provider wrappers"? |
Excellent point - do you mind testing this one out first (since I do not have a gopass setup)? |
@sgnn7 yours works. As an alternative

```bash
#!/usr/bin/env bash
set -euo pipefail

# ${1:-} keeps `set -u` from aborting when no argument is given
arg="${1:-}"

if [[ "${arg}" == "--version" ]]; then
  gopass --version
  exit 0
fi

# Everything before the first `@` is the gopass path
path="${arg%%@*}"
# Everything after the last `@` is the attribute; empty when there is no `@`
attribute=""
if [[ "${arg}" == *@* ]]; then
  attribute="${arg##*@}"
fi

if [[ "${path}" == "" ]]; then
  echo "Missing variable path!" >&2
  exit 1
fi

if [[ "${attribute}" == "" ]]; then
  # No attribute requested: return only the first line (the password)
  gopass show "${path}" | head -1
else
  gopass show "${path}" "${attribute}"
fi
```

Needs the following

```yaml
FOO: !var aws/iam/foo/bar@username
BAR: !var aws/iam/foo/bar@region
```

A similar approach to yours, with the difference that you need to separate the attribute from the path at the summon/internal/command/flags.go Line 44 in 36c7536
|
Awesome and thank you! Let me update the title/description of this issue a bit now and see if I can get some wider stakeholder approval on this. CC: @cyberark/community-and-integrations-team @izgeri |
I experienced some problems with Gopass and this wrapper.
After some digging around I found out that, since I have my GPG key encrypted, FIX:
Explanation from https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html: |
Hey @xMordax, PS: Great find on the GPG issue! |
Hey @xMordax again - sorry for dropping the ball on this but we've been pretty busy on the team lately on other projects so we have not had much time to look into this but someone from my team (probably not myself) will be working on this.

Notes below are for whoever takes on this task

Things that need to be done:

Additional notes

The path structure should probably be something like this:
|
Published in CyberArk Aha! idea portal |
Currently we have no place to add small wrapper code somewhere that can easily be used with tools that are not initially designed for summon but that can be with minimal effort.

AC:
gopass) wrapper to those examples

Original Issue below
Summary
Got a problem when using Gopass as a provider because of some functionalities that Gopass provides which break Summon. In Gopass you can, of course, store your secret but you can also add comments to the secret to describe it, or you can even use it to add a second password to it if required. For example this is what my AWS user entry looks like in Gopass:
The first line from the output is the "password" which in my case is the password from the AWS Console, this way I can use the Gopass bridge to login to the website via my browser by auto filling the password and username automatically. If I want access to any other resource from this secret, I can do it by calling the key `gopass show some/aws/path/username secretkey`. This will output just the value of secretkey. This command I can use to fill my environment variable dynamically for example.

But this is a problem for summon, since it will try to grab the whole output of the Gopass and pipe it through, instead of forwarding just the password.
Steps to Reproduce
Steps to reproduce the behavior:
Expected Results
It uses just the password stored in Gopass.
Actual Results (including error logs, if applicable)
It uses the whole output, including comments beneath the password.
Additional Information
It would be a nice feature to have the possibility of writing a key from a comment beneath a password, and get the value of it.
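Added example, not part of the issue thread or of summon: a shell function that performs the split the issue asks for (password on the first line, `key: value` lines beneath it) on a constructed entry. It matches the key literally rather than as a regular expression and leaves the value's whitespace intact; `extract_field` and `sample_entry` are hypothetical names, and the entry layout is assumed from the description above.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumes the entry layout described in
# the issue: password on line 1, optional "key: value" lines beneath it.

# Constructed sample entry; none of these values are real credentials.
sample_entry() {
  printf '%s\n' \
    'console-pass-EXAMPLE' \
    'username: alice' \
    'axb: wrong-entry' \
    'a.b: dotted' \
    'secretkey: abc  def: ghi'
}

# extract_field KEY   (entry text on stdin)
#   KEY empty -> print only the first line (the password)
#   KEY given -> print the value of the first "KEY: value" line below it
# Returns 1 when nothing matches, so a wrapper can fail instead of handing
# summon an empty or multi-line value.
extract_field() {
  local key="$1" first=1 line
  while IFS= read -r line || [ -n "$line" ]; do
    if [ -z "$key" ]; then
      printf '%s\n' "$line"
      return 0
    fi
    # Never match the password line, even if it happens to look like "key: x".
    if [ "$first" -eq 1 ]; then
      first=0
      continue
    fi
    # Quoted pattern = literal comparison: "a.b" does not match "axb".
    case "$line" in
      "$key: "*)
        # Strip only the "KEY: " prefix; inner spaces and colons survive.
        printf '%s\n' "${line#"$key: "}"
        return 0
        ;;
    esac
  done
  return 1
}

# Demo on the constructed entry.
sample_entry | extract_field 'secretkey'
```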