Skip to content

fix: allow empty secret values when setting secrets from .env file #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
shashwat-dixit wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: allow empty secret values when setting secrets from .env file #96

shashwat-dixit wants to merge 1 commit into from

Conversation

@shashwat-dixit
Copy link

@shashwat-dixit shashwat-dixit commented Dec 23, 2025
edited
Loading

Fixes #87

Description

Problem:

  • When running infisical secrets set --file .env, if any secret has an empty value, the CLI prints "Secret key 'X' has an empty value" and exits
  • The message is ambiguous - unclear if it's an error, warning, or info
  • The entire operation fails and no secrets are set
  • This is inconsistent with the Infisical UI which allows empty values

Solution:

  • Remove the restriction that blocks empty secret values
  • Display an informational warning when empty values are detected
  • Continue processing and set all secrets from the file
  • Only block on empty keys (which are invalid), not empty values

Changes:

  • packages/util/secrets.go: Replace PrintErrorMessageAndExit with warning message for empty values
  • packages/util/secrets.go: Update validation to only check for empty keys

Type

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests

  • Created .env file with empty value (KEY1=value1, KEY2=, KEY3=value3)
  • Verified all secrets are set successfully
  • Verified warning is displayed for empty value
  • Verified existing functionality still works for non-empty values

@shashwat-dixit
fix: allow empty secret values when setting secrets from .env file
ebe470e 
Problem:
- When running `infisical secrets set --file .env`, if any secret has an
  empty value, the CLI prints "Secret key 'X' has an empty value" and exits
- The message is ambiguous - unclear if it's an error, warning, or info
- The entire operation fails and no secrets are set
- This is inconsistent with the Infisical UI which allows empty values

Solution:
- Remove the restriction that blocks empty secret values
- Display an informational warning when empty values are detected
- Continue processing and set all secrets from the file
- Only block on empty keys (which are invalid), not empty values

Changes:
- packages/util/secrets.go: Replace PrintErrorMessageAndExit with warning
  message for empty values
- packages/util/secrets.go: Update validation to only check for empty keys

Testing:
- Created .env file with empty value (KEY1=value1, KEY2=, KEY3=value3)
- Verified all secrets are set successfully
- Verified warning is displayed for empty value
- Verified existing functionality still works for non-empty values

Fixes Infisical#87
@shashwat-dixit shashwat-dixit marked this pull request as ready for review December 23, 2025 06:01
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Dec 23, 2025

Greptile Summary

This PR fixes a usability issue where the CLI rejected empty secret values, even though the Infisical UI allows them. The changes convert the error into a warning, allowing the operation to continue.

Changes:

  • Line 655: Changed PrintErrorMessageAndExit to PrintWarning when an empty value is detected during file parsing
  • Line 708: Removed the empty value check (|| splitKeyValueFromArg[1] == "") from validation, now only validates that keys are non-empty
  • Fixed typo: "none empty" → "non empty" in error message

Impact:

  • Users can now set secrets with empty values via .env file, matching UI behavior
  • Empty keys remain blocked (correct behavior)
  • Operation continues and sets all valid secrets instead of failing entirely

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The changes are straightforward and well-scoped: converting an error to a warning for empty secret values, and removing the corresponding validation check. This aligns the CLI behavior with the UI, which already allows empty values. The change only affects empty values (not empty keys, which remain blocked), and the validation logic is correctly preserved for other critical checks.
  • No files require special attention

Important Files Changed

Filename Overview
packages/util/secrets.go Changed empty value validation from error to warning, now allows empty secret values to match UI behavior

@greptile-apps
Copy link
Contributor

greptile-apps bot commented Dec 23, 2025

Greptile found no issues!

From now on, if a review finishes and we haven't found any issues, we will not post anything, but you can confirm that we reviewed your changes in the status check section.

This feature can be toggled off in your Code Review Settings by deselecting "Create a status check for each PR".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Accept empty .env keys

1 participant

@shashwat-dixit