cloudfoundry
passwords starting with a dash are not supported
What version of the credhub server you are using?
Server Version: 2.12.6
What version of the credhub cli you are using?
CLI Version: 2.9.3
If you were attempting to accomplish a task, what was it you were attempting to do?
set a password whose value is predetermined and starts with a dash (-)
What did you expect to happen?
password should be set
What was the actual behavior?
$ credhub set -t password -n '/example-password' -w '-supersecret'
expected argument for flag `-w, --password', but got option `-supersecret'
Please confirm where necessary:
- [x] I have included a log output
- [x] My log includes an error message
- [x] I have included steps for reproduction
If you are a PCF customer with an Operation Manager (PCF Ops Manager) please direct your questions to support (https://support.pivotal.io/)
We have created an issue in Pivotal Tracker to manage this. Unfortunately, the Pivotal Tracker project is private so you may be unable to view the contents of the story.
The labels on this github issue will be updated when the story is started.
there is a similar issue reported https://github.com/cloudfoundry/credhub-cli/issues/86
the problem is that any argument starting with a dash is interpreted as a flag.
there should be a way to escape dashes, maybe adding support for the GNU -- "end of options" CLI convention would be a good idea, so we could have
$ credhub set -t password -n '/example-password' -w -- '-supersecret'
right now the only workaround I found is to use import with a temp file
https://github.com/cloudfoundry/credhub-cli/blob/main/EXAMPLES.md#exporting-and-importing
which is a kludge and may leave plain text secrets on the filesystem
see https://github.com/jessevdk/go-flags/blob/3927b71304df5ef738c74bfe7a3216d218a60779/parser.go#L97-L100
a simpler workaround: use stdin instead
$ echo '-supersecret' | credhub set -t password -n '/example-password'