Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vault 1.14.x kv2 UI "download" replaces newlines with \n #22279

Closed
rjhornsby opened this issue Aug 10, 2023 · 1 comment · Fixed by #23747
Closed

vault 1.14.x kv2 UI "download" replaces newlines with \n #22279

rjhornsby opened this issue Aug 10, 2023 · 1 comment · Fixed by #23747
Labels
secret/kv ui

Comments

@rjhornsby
Copy link
Contributor

Describe the bug

KV secrets has a neat feature in the web ui introduced in 1.14.x where you can download a secret. When the secret contains newlines (ie a .ovpn file), it displays correctly when shown/previewed in the UI. However the "download" function for this secret replaces the newlines in the generated file with the string literal \n

To Reproduce
Steps to reproduce the behavior:

  1. Create a kv2 secret containing newlines, ie copy/paste a multiline secret into a new vault secret or have terraform create the kv secret.
  2. Retrieve said secret by using the vault UI's "download" option
  3. The downloaded file will have newlines replaced with string literal \n instead

Expected behavior
The downloaded/generated file should maintain the newlines of the original.

Environment:

  • Vault Server Version (retrieve with vault status): 1.14.1
  • Server Operating System/Architecture: Rocky 8 (RHEL) x86
@rjhornsby rjhornsby changed the title vault 14.x kv2 UI "download" replaces newlines with \n vault 1.14.x kv2 UI "download" replaces newlines with \n Aug 11, 2023
@rjhornsby
Copy link
Contributor Author

AFAICT from trying to follow the ui/js/? logic, it starts with masked-input.hbs <DownloadButton .../>[1], jumps to get content()[2], and then to a stringify[3] call where the plaintext of the secret gets mangled. Maybe this is as simple as saying @stringify={{false}}?

I could see doing some string transformation if we were downloading the entire secret with multiple values and needed a JSON object to properly represent the secret (multiple values or even a k/v pair) as a hash. In the case of the "download" button in question here, the user is only ever asking/expecting/getting the single value. It's not clear why we want to force a transformation rather than returning the value into the file that gets downloaded as-is.

[1]

vault/ui/lib/core/addon/components/masked-input.hbs

Lines 49 to 57 in d3d5e0e

<DownloadButton
class="button download-button"
@filename={{or @name "secret-value"}}
@data={{@value}}
@stringify={{true}}
aria-label="Download secret value"
>
<Icon @name="download" />
</DownloadButton>

[2]

vault/ui/lib/core/addon/components/download-button.js

Lines 57 to 62 in 5e5ead4

get content() {
if (this.args.stringify) {
return JSON.stringify(this.args.data, null, 2);
}
return this.fetchedData || this.args.data;
}

[3]

vault/ui/app/helpers/stringify.js

Lines 8 to 12 in d3d5e0e

export function stringify([target], { skipFormat }) {
if (skipFormat) {
return JSON.stringify(target);
}
return JSON.stringify(target, null, 2);

@zofskeez zofskeez mentioned this issue Oct 23, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
secret/kv ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

KV Download Value Stringify Toggle hashicorp/vault
3 participants
@rjhornsby @zofskeez @biazmoreira