sops: encrypting empty file panics

Not a great onboarding experience; in the following I try helm-secrets (which uses sops under the hood) but get a panic.

touch foo.yaml
❯ helm secrets enc foo.yaml
Encrypting foo.yaml
panic: runtime error: index out of range

goroutine 1 [running]:
main.encrypt(0x1a88ce0, 0xc00009a630, 0x2615200, 0x2089cf8, 0x2615200, 0x2089cf8, 0x7ffeefbfe0ef, 0x14, 0xc000064990, 0x1, ...)
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/cmd/sops/encrypt.go:66 +0x98a
main.main.func5(0xc000226000, 0x0, 0x0)
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/cmd/sops/main.go:483 +0x2ed8
go.mozilla.org/sops/vendor/gopkg.in/urfave/cli%2ev1.HandleAction(0x17f8060, 0x1947088, 0xc000226000, 0x0, 0x0)
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/vendor/gopkg.in/urfave/cli.v1/app.go:490 +0xc8
go.mozilla.org/sops/vendor/gopkg.in/urfave/cli%2ev1.(*App).Run(0xc000214000, 0xc0000b8000, 0x8, 0x8, 0x0, 0x0)
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/vendor/gopkg.in/urfave/cli.v1/app.go:264 +0x590
main.main()
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/cmd/sops/main.go:649 +0x2578
Error: plugin "secrets" exited with error

Maybe a more useful message would be "Nothing to encrypt", or just make encryption work but have it be, well, an empty string.

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 6
  • Comments: 15 (6 by maintainers)

Most upvoted comments

@zoechi that’s not very surprising, since some-file.yaml gets cleared due to the stdout redirect before sops is actually started.

Better use sops --encrypt --output some-file.yaml some-file.yaml.

I have come across this issue; it is true that it is very uncomfortable to handle these exceptions in automatic processes.

I have broken files in this way:

  • Empty files
  • Files with only comments, to have them ready to add data

For this issue, I just make the yaml file have contents such as:

placeholder: placeholder

Not ideal but it’s a pretty simple workaround.

@ajvb, is this issue planned to be fixed or somehow omitted? When encrypting / decrypting files in a folder (with a loop, etc.) that contains empty files, it adds additional complexity for checks. An additional key, some kind of --skip-empty, would be good to have.
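
Added example (not part of the thread and not sops's own code): a pre-check for loop scripts that skips the two inputs reported above as breaking encryption, empty files and comment-only files, and writes through `--output` instead of a stdout redirect. The names `yaml_has_data`, `encrypt_tree` and `SOPS_BIN` are hypothetical, and the check is line-based rather than a real YAML parse.

```shell
# yaml_has_data FILE
# Exit 0 if FILE has at least one line that is neither blank nor a YAML
# comment; exit 1 for empty, whitespace-only or comment-only files.
# Assumption: a line-based test is sufficient; no YAML parsing is done.
yaml_has_data() {
    [ -s "$1" ] || return 1
    # -v selects lines that are NOT blank/comment; -q only sets exit status.
    grep -Eqv '^[[:space:]]*(#.*)?$' "$1"
}

# encrypt_tree DIR
# Encrypt every *.yaml directly under DIR, skipping files with no data.
# Prints the number of files handed to sops; skip notices go to stderr.
# SOPS_BIN is a hypothetical override so the command can be stubbed.
encrypt_tree() {
    dir=$1
    encrypted=0
    for f in "$dir"/*.yaml; do
        [ -f "$f" ] || continue
        if ! yaml_has_data "$f"; then
            echo "skip (nothing to encrypt): $f" >&2
            continue
        fi
        # Use --output as suggested in the thread: "sops --encrypt f > f"
        # truncates f via the redirect before sops has read it.
        "${SOPS_BIN:-sops}" --encrypt --output "$f" "$f" || return 1
        encrypted=$((encrypted + 1))
    done
    echo "$encrypted"
}
```

Run it as `encrypt_tree ./secrets`; a non-zero exit from sops stops the loop so a failure is not silently counted.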