I threw this quickly together to showcase an issue I encountered with json unmarshalling (that happens throughout the process of staging/decrypting secrets data); https://go.dev/play/p/PQG4LcePXbA
The demo shows that a straightforward json object structure of
{
"container": {
"key": "value"
}
}Is not properly parsed by the recurseSecretKey method when the target is a nested value ("container/key" in this case). The thrown error during build of sops-nix manifest derivation is of this form
manifest is not valid: secret test_container/test_secret in <XXX> is not valid: key 'test_container' does not refer to a dictionary
It looks like map[interface{}]interface{} specifically is the issue, where my intuitive expectation would be to test for map[**string**]interface{} like the type of 'currentData' just below.
The YAML format doesn't have this issue and passes the different type validations.
I threw this quickly together to showcase an issue I encountered with json unmarshalling (that happens throughout the process of staging/decrypting secrets data); https://go.dev/play/p/PQG4LcePXbA
The demo shows that a straightforward json object structure of
{ "container": { "key": "value" } }Is not properly parsed by the
recurseSecretKeymethod when the target is a nested value ("container/key" in this case). The thrown error during build of sops-nix manifest derivation is of this formIt looks like
map[interface{}]interface{}specifically is the issue, where my intuitive expectation would be to test formap[**string**]interface{}like the type of 'currentData' just below.The YAML format doesn't have this issue and passes the different type validations.