-
Notifications
You must be signed in to change notification settings - Fork 880
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: exec-env/-file support multiple args #1626
base: main
Are you sure you want to change the base?
Conversation
Don’t pass through sh; let the user do that if they want. Fixes getsops#1469
Please note that this is a breaking change and thus has no chance of being merged as-is. |
Yeah I tried to somehow detect if the user passed |
Even then it would be a breaking change, since you can already use What would be possible is to add a new parameter (probably a boolean flag) which allows to control the behavior, like |
One could argue that was never explicitly documented in the first place so it would only be breaking Hyrum's law / xkcd 1172 , but I'm happy either way :) It would probably also be nice not to have {} expanded in filenames when that no-shell arg is passed. What do you think? |
(for the record I was just being glib, I actually think your suggestion of a separate flag is better UX) |
Even if
Why? Or do you mean to only expand it when the whole argument is This can be very annoying for programs where you have to provide paths as part of an argument. One common example is Docker's |
Because it makes sops exec unsafe as an actual "transparent" exec. That's the conventional point of The name It's a very useful feature to be sure, but if there is no way to actually disable it, it makes it very hard to use sops as a generic command wrapper. (edit: s/exec-env/exec-file/ but you get the idea) |
|
Yes, I meant to type |
Don’t pass through sh; let the user do that if they want.
Fixes #1469