-
-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
file.* global replacements trailing newline interaction with secrets #6392
Comments
🤔 good question... Probably makes sense to strip the newline, yeah. How do other "secrets in files" systems do it (Docker secrets, Systemd secrets) I wonder? I figure if users need to re-add the newline they could do so in the config where they use the placeholder, but it's kinda unwieldy cause we don't transform literal
Or somewhat nicer (adding an extra newline because heredocs themselves also strip the final newline):
🤷♂️ |
systemd credentials:
% indicates no trailing newline (zsh thing) stalwart-mail: nixos acme, lego: |
I just ran into this issue as well while trying to use
Source: https://superuser.com/a/745135
They could also simply add an additional newline to the file in question. |
So basically when you do something like
acme_dns cloudflare {file./path/cool-secret}
it will error out if the secret contains a trailing newline, so you will need to remove the trailing newline from the file for it to work, which is against the unix convention.I think this is a bug, but not sure if it needs to be handled on the dns adapter side or here.
Is it reasonable to just always strip newline for file.* replacements?
The text was updated successfully, but these errors were encountered: