BUG: Beware of safe export and import function. It can corrupt your data. #235
Comments
|
@herrbpl Can you please provide an example showing on which conditions the data structure gets corrupted? |
|
Hi For a long time Vault API allows to store arbitrary json structures in data field, not just key-values of a string type. So when you had in vault key stored anything as json structure, this structure gets converted to string representation of structure and when it is reimported, it is imported as string, as result, applications that expect json structure under vault key, receive string instead. And complain because they cannot unserialise this to internal data objects. Please see associated PR for exact differences. PR adds additional behaviour which prevents this automatic conversion if directed by command line flag. Without specifying additional flags application behaviour stays as it was. |
safe exports json structures as escaped strings. When you import exported structures, previously structured data will be converted to string representation of json, this will cause your applications that do not expect vault secrets structure to change, to fail.
The text was updated successfully, but these errors were encountered: