Description
When loading file-type secrets (File secret attachments, not files being injected through templatisation), newlines are stripped from the content before setting environment variables, causing PEM-formatted keys and certificates to become invalid.
Reproduction
Loading a PEM private key secret results in:
```yaml
- name: Load secrets
  uses: 1Password/load-secrets-action@v2
  with:
    export-env: true
  env:
    OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
    PRIVATE_KEY: op://vault/item/private_key.pem
- name: Debug key format
  run: |
    echo "Private key length: ${#PRIVATE_KEY}"
    echo "First 50 chars: ${PRIVATE_KEY:0:50}"
    if [[ "$PRIVATE_KEY" == *$'\n'* ]]; then
      echo "Contains newlines"
    else
      echo "No newlines found"
    fi
```

Actual output:

```
Private key length: 1648
First 50 chars: -----BEGIN RSA PRIVATE KEY-----MIIEpAIBAAKCAQEAz7x
No newlines found
```

Expected output:

```
Private key length: 1648
First 50 chars: -----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAz7x
Contains newlines
```
Output shows the key loads as a single line with all newlines removed:
- Length: 1648 characters (correct)
- Contains BEGIN/END markers (correct)
- Format: Single continuous string (incorrect - should be multi-line PEM)
Expected behavior
File secret attachments should preserve their original formatting, including newlines and whitespace.
Impact
PEM keys, certificates, and other multi-line formatted secrets are unusable without manual post-processing. Current workaround requires sed replacement, such as this:
```bash
FIXED_KEY=$(echo "$PRIVATE_KEY_VALUE" | sed 's/-----BEGIN RSA PRIVATE KEY-----/&\n/' | sed 's/-----END RSA PRIVATE KEY-----/\n&/' | sed 's/\(.\{64\}\)/\1\n/g')
```

Edit:
I'm not sure whether this issue is with this library, op-js, or the API itself - but there appear to be related issues in this thread (both the K8s operator and GitHub Actions mentioned)
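A label-agnostic form of the workaround above, as an added example that is not part of the original issue or the action's own code: the hypothetical `repair_pem` function re-wraps any flattened PEM block (keys, certificates, chains) at 64 characters and fails on input that is not plain base64 between matching BEGIN/END markers. It assumes a POSIX shell with awk and PEM without encapsulated headers (no `Proc-Type`/`DEK-Info` lines); the sample input is constructed and is not a real key.

```shell
# repair_pem: read PEM text from stdin (flattened or intact) and write it
# back with one marker per line and the base64 body wrapped at 64 columns.
# Exit status is non-zero if no well-formed block is found.
repair_pem() {
  { tr -d '\r\n'; echo; } | awk '
  {
    s = $0
    while (match(s, /-----BEGIN [A-Z0-9 ]+-----/)) {
      # "-----BEGIN " is 11 chars and the closing dashes 5, so 16 in total.
      label = substr(s, RSTART + 11, RLENGTH - 16)
      s = substr(s, RSTART + RLENGTH)
      tail = "-----END " label "-----"
      i = index(s, tail)
      if (i == 0) { bad = 1; exit 1 }       # no matching END marker
      body = substr(s, 1, i - 1)
      gsub(/[ \t]/, "", body)
      # Body must be base64 with at most two "=" of padding.
      if (body !~ "^[A-Za-z0-9+/]+=?=?$" || length(body) % 4) { bad = 1; exit 1 }
      out = out "-----BEGIN " label "-----\n"
      while (length(body) > 64) {
        out = out substr(body, 1, 64) "\n"
        body = substr(body, 65)
      }
      out = out body "\n" tail "\n"
      s = substr(s, i + length(tail))
      found++
    }
  }
  END {
    if (bad || !found) exit 1               # emit nothing on malformed input
    printf "%s", out
  }'
}

# Constructed sample: 72 base64 characters on one line, as the issue describes.
sample='-----BEGIN RSA PRIVATE KEY-----QUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJD-----END RSA PRIVATE KEY-----'
printf '%s' "$sample" | repair_pem
```

In a workflow step, write the repaired key to a file created under `umask 077` rather than back into an exported environment variable, so the multi-line value is not re-serialised by another layer.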