-
-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot decrypt non ascii Characters #269
Comments
eyaml encrypt -s "bonjour à vous" -o string | eyaml decrypt --stdin
That is how I had to do it as well.
Which is a major pain if I need to change the file this is in - eyaml will happily decrypt everything,
but once it’s saved and eyaml tries to encrypt it again, it fails.. So I have to go in with a normal
editor (not `eyaml edit`) and past in the whole encrypted “blob” back in.
|
This also affects binary data.
Results in:
So my guess is that |
To get around that, I had to run
and then go in and add the missing But then running |
On the other hand, |
Just encode to base64 and decode on template generation. |
Just encode to base64 and decode on template generation.
Actually, that helped me a lot!
I have binary data (ElasticSearch encryption key) in Hiera, but
every time I need to encrypt/decrypt/edit that file, `eyaml` borks!
But base64 encoding the binary data and then use
```
$variable = base64('decode', hiera(‘hiera_key', undef))
file { ‘/somethingorother’:
content => $variable
}
```
should do it.. The base64() function is in puppetlabs-stdlib which
I’m already using functions from elsewhere...
|
I'm hitting this also. The base64() workaround is might work, but this is a bug IMHO that still should be resolved. I would expect this encryption to be able to handle any arbitrary binary data, much as base64() can. Using the base64() kludge also defeats class param auto-lookup. Worse though is, I question the data reliability this potentially presents. I stumbled onto it with Kerberos keytabs. I had been taking these binary files and doing an
If I try to
Somehow though, the Puppet Server is capable of decrypting the data. If it weren't for that, I'd question if VIM handled the binary data correctly before eyaml was to reencrypt it. My Puppet Server has hiera-eyaml-3.2.2 as bundled with puppet-agent-7.14.0-1.el8.x86_64 (from the PL repo). My workstation where I'm using eyaml to edit files has rubygem-hiera-eyaml-3.2.0-4.fc35.noarch (from Fedora repos). In the meantime, I'm going to aim for a new Hiera level that uses a glob file path for binary files like keytabs. Then they can reside as a group of files with their content isolated. |
Working in a francophone company, some of the data we want to encrypt include non-ascii characters, like strings with accents. For instance, I'm trying to encrypt this file:
I'm in the process of learning hiera, so this file contains a test string to extract (chaine_test), a value corresponding to a parameter (chaine_parametre), and a crypted string (chaine_crypte). The decrypted string is bonjour à vous. While editing with
eyaml edit
, the line containing the encrypted string looks like this:Afterward, when trying to edit again with
eyaml edit
, or when trying to extract the value on the puppet master, I get this error:[hiera-eyaml-core] incompatible character encodings: UTF-8 and ASCII-8BIT
Interesting information tough, this line works just fine:
eyaml encrypt -s "bonjour à vous" -o string | eyaml decrypt --stdin
I get the decrypted string in the output.
These are my specifications:
gem install
puppetserver gem install
Is it possible to encrypt non-ascii values?
The text was updated successfully, but these errors were encountered: