In contrast to Version 3.6.1,
in Version 3.7.0 on both Linux and Windows, when I encrypt a YAML file that accidentally has a duplicated key,
I cannot decrypt it afterwards.
sops test.yaml , duplicate the first line, and save.
Then try to decrypt, and get:
Error unmarshalling input yaml: yaml: unmarshal errors: line 2: mapping key "hello" already defined at line 1
The only way I found to recover the file would be to delete the offending key from the encrypted file
and decrypt with
sops --ignore-mac test.yaml
I've looked at this a bit. There are two parts:
sops.TreeBranchesand back conversion code does not mind duplicate keys.
LoadEncryptedFile()in stores/yaml/store.go) uses
yaml.Unmarshal(in, &metadataHolder)to parse the metadata, and that produces the error.
In other words: when using yaml.v3 to deserialize (or serialize from)
yaml.Node, it does not care about duplicate keys. But when using yaml.v3 to deserialize into Go structs, it does mind.
I'm not sure what's the best way to proceed here. We can add code to prevent to parse YAML files with duplicate keys in all cases (but we'd have to do that manually), or we can try to work around the issue with yaml.v3's Go struct deserialization to be able to handle YAML files with duplicate keys in all cases.
|Issue Title||Created Date||Updated Date|