improve error message if sops secret contains unknown key

Jörg Thalheim
2024-12-11 16:03:18 +01:00
parent 23fab6155c
commit 85676bc44f


@@ -221,9 +221,10 @@ class SecretStore(StoreBase):
recipients_to_add = wanted_recipients - current_recipients
var_id = f"{generator.name}/{name}"
msg = (
f"One or more recipient keys were added to secret{' shared' if generator.share else ''} var '{var_id}', but it was never re-encrypted. "
f"This could have been a malicious actor trying to add their keys, please investigate. "
f"Added keys: {', '.join(f"{r.key_type.name}:{r.pubkey}" for r in recipients_to_add)}"
f"One or more recipient keys were added to secret{' shared' if generator.share else ''} var '{var_id}', but it was never re-encrypted.\n"
f"This could have been a malicious actor trying to add their keys, please investigate.\n"
f"Added keys: {', '.join(f"{r.key_type.name}:{r.pubkey}" for r in recipients_to_add)}\n"
f"If this is intended, run 'clan vars fix' to re-encrypt the secret."
)
return needs_update, msg
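Review bot: The new final line of `msg` offers `clan vars fix` directly after the malicious-actor warning, but never says that re-encrypting is the step that gives the listed keys access to the secret (inferred from `recipients_to_add = wanted_recipients - current_recipients`; the fix command itself is not visible in this hunk). I would make the verification step explicit, for example `f"Only if every key listed above is expected, run 'clan vars fix'; re-encrypting grants those keys access to the secret."`. Separately, `recipients_to_add` appears to be a set difference, so the order of the "Added keys" list can vary between runs; wrapping the formatted `key_type:pubkey` strings in `sorted(...)` would keep the message stable for diffing and log matching. The enclosing method begins above the hunk, so how `needs_update` is set could not be checked here.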