Comments (10)
Hm, I'm fairly sure this would be a bug in Terraform itself and should be reported on the core Terraform repo (https://github.com/hashicorp/terraform). Or does it only happen when using this provider?
from terraform-provider-sops.
Could be.
Reported here also since this is the first plugin I used which is asking for user input.
from terraform-provider-sops.
Yeah, might not be that common. Would you mind opening an issue there too and pinging me and we'll see what they have to say? If it "should" work in core then I can troubleshoot here better.
from terraform-provider-sops.
> Yeah, might not be that common. Would you mind opening an issue there too and pinging me and we'll see what they have to say? If it "should" work in core then I can troubleshoot here better.
Done.
from terraform-provider-sops.
Thanks. As per the discussion in that issue, it actually falls on this plugin to deal with it. Thinking some more about it, I wonder, is this actually the plugin itself, or is the output from a gpg-agent?
from terraform-provider-sops.
I think it is from pinentry
brew info pinentry
pinentry: stable 1.1.0 (bottled)
Passphrase entry dialog utilizing the Assuan protocol
https://www.gnupg.org/related_software/pinentry/
/usr/local/Cellar/pinentry/1.1.0_1 (12 files, 263.9KB) *
Poured from bottle on 2018-08-23 at 05:46:30
From: https://github.com/Homebrew/homebrew-core/blob/master/Formula/pinentry.rb
With the following configuration:
GPG_TTY=$(tty)
export GPG_TTY
from terraform-provider-sops.
Alright. I'm actually not sure how to prevent this from happening, since it is several steps removed from the code here: Terraform calls terraform-provider-sops (this code) which uses the sops library, which checks with the gpg agent (pinentry in your case) if it needs to be unlocked.
Do you have any ideas outside of reconfiguring your gpg agent?
from terraform-provider-sops.
Neither do I.
How do you handle passphrase protected PGP private key at the moment?
from terraform-provider-sops.
Personally I've only used sops with cloud key vaults, so there it is not an issue (there are no interactive components)
For normal gpg usage, my agent queries for passphrase once per every X minutes, but this may or may not be a reasonable configuration in your circumstances (and anyway will require that you do some sort of no-op before running terraform just to get the key unlocked)
from terraform-provider-sops.
Have you tried using pinentry-program /usr/local/bin/pinentry-mac @yujunz? Haven't tried it with this provider, but came across this issue and thought I'd let you know about this option.
from terraform-provider-sops.
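A preflight check for the situation discussed in this thread, added here as an example (it is not code from the provider or from any commenter): it reads the gpg-agent's `keyinfo --list` status lines and reports passphrase-protected keys that are not currently cached, which are the ones that would make pinentry prompt in the middle of a Terraform run. The function names and the sample keygrips are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect keys that would trigger a pinentry prompt.
#
# gpg-agent KEYINFO status line layout:
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> <fpr> <ttl> <flags>
#   cached:     "1" = passphrase is in the agent cache, "-" = not cached
#   protection: "P" = passphrase-protected, "C" = clear, "-" = unknown

# Print keygrips that are protected but not cached.
# Optional $1 restricts the check to a single keygrip (hypothetical helper).
locked_keygrips() {
    awk -v want="$1" '
        $1 == "S" && $2 == "KEYINFO" && $8 == "P" && $7 != "1" &&
        (want == "" || $3 == want) { print $3 }'
}

# Read keyinfo lines on stdin; return 0 if nothing would prompt, 1 otherwise.
agent_ready() {
    locked=$(locked_keygrips "$1")
    if [ -n "$locked" ]; then
        # $locked is intentionally unquoted: one message per keygrip.
        printf 'locked key, pinentry would prompt: %s\n' $locked >&2
        return 1
    fi
    return 0
}

# Constructed sample of agent output (keygrips are made up):
#   key 1: protected and cached, key 2: protected and locked, key 3: unprotected
SAMPLE_KEYINFO='S KEYINFO 1111111111111111111111111111111111111111 D - - 1 P - - -
S KEYINFO 2222222222222222222222222222222222222222 D - - - P - - -
S KEYINFO 3333333333333333333333333333333333333333 D - - - C - - -
OK'
```

On a real machine the input comes from `gpg-connect-agent 'keyinfo --list' /bye | agent_ready`, run before `terraform plan` so an unattended run fails early instead of stalling on a passphrase prompt.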