Skip to content

fix: support '/' in secret keys and updated docker to install bash #5604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AdeshGhadage wants to merge 2 commits into
base: main
Choose a base branch
from
+25 −1
Open

fix: support '/' in secret keys and updated docker to install bash #5604

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d546319
fix: support '/' in secret keys and updated docker to install bash
AdeshGhadage Mar 5, 2026
89f707f
Update backend/Dockerfile.dev.fips
AdeshGhadage Mar 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion backend/Dockerfile.dev.fips
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,8 @@ RUN wget https://www.openssl.org/source/openssl-3.1.2.tar.gz \
# ? App setup

# Install smbclient for Windows SMB operations
RUN apt-get update && apt-get install -y smbclient
# Install smbclient and bash (required by setup script)
RUN apt-get update && apt-get install -y smbclient bash && rm -rf /var/lib/apt/lists/*

# Install Infisical CLI
RUN curl -1sLf 'https://artifacts-cli.infisical.com/setup.deb.sh' | bash && \
Expand Down
23 changes: 23 additions & 0 deletions frontend/src/hooks/api/secrets/mutations.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,20 @@ import {
TUpdateSecretsV3DTO
} from "./types";

const splitKeyAndPath = (secretKey: string, secretPath: string = "/") => {
if (!secretKey.includes("/")) {
return { actualSecretKey: secretKey, actualSecretPath: secretPath };
}
const parts = secretKey.split("/");
const actualSecretKey = parts.pop() as string;
Comment on lines +29 to +30
Copy link
Contributor

@greptile-apps greptile-apps bot Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty secret key when input ends with /

If a user enters a key with a trailing slash (e.g., "test/" or "/"), parts.pop() will return an empty string, making actualSecretKey = "". The resulting request URL becomes /api/v4/secrets/ (empty key segment), which hits an unintended endpoint or returns a confusing error.

Consider adding validation to guard against this case — either fall back to the original value so the server can return a proper validation error, or surface a clear client-side message before making the request.

const folderPart = parts.join("/");
const actualSecretPath =
secretPath === "/"
? `/${folderPart}`
: `${secretPath}/${folderPart}`;
return { actualSecretKey, actualSecretPath };
};
Comment on lines +25 to +37
Copy link
Contributor

@greptile-apps greptile-apps bot Mar 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double slash when key starts with leading forward slash

If the input key begins with / (e.g., "/test/cred"), the function produces paths with double slashes:

For example, with key = "/test/cred" and path = "/":

  1. Split produces: ["", "test", "cred"]
  2. After pop: parts = ["", "test"], so folderPart = "/test"
  3. Result: actualPath = /${folderPart}=//test`

When path = "/some":

actualPath = "/some//test"  // double slash

These malformed paths will likely cause 404 errors or routing issues. Consider normalizing slashes:

Suggested change
const splitKeyAndPath = (secretKey: string, secretPath: string = "/") => {
if (!secretKey.includes("/")) {
return { actualSecretKey: secretKey, actualSecretPath: secretPath };
}
const parts = secretKey.split("/");
const actualSecretKey = parts.pop() as string;
const folderPart = parts.join("/");
const actualSecretPath =
secretPath === "/"
? `/${folderPart}`
: `${secretPath}/${folderPart}`;
return { actualSecretKey, actualSecretPath };
};
const actualSecretPath =
secretPath === "/"
? `/${folderPart}`.replace(/\/+/g, "/")
: `${secretPath}/${folderPart}`.replace(/\/+/g, "/");


export const useCreateSecretV3 = ({
options
}: {
Expand All @@ -40,6 +54,9 @@ export const useCreateSecretV3 = ({
skipMultilineEncoding,
tagIds
}) => {
const { actualSecretKey, actualSecretPath } = splitKeyAndPath(secretKey, secretPath);
secretKey = actualSecretKey;
secretPath = actualSecretPath;
const { data } = await apiRequest.post(`/api/v4/secrets/${secretKey}`, {
secretPath,
type,
Expand Down Expand Up @@ -106,6 +123,9 @@ export const useUpdateSecretV3 = ({
skipMultilineEncoding,
secretMetadata
}) => {
const { actualSecretKey, actualSecretPath } = splitKeyAndPath(secretKey, secretPath);
secretKey = actualSecretKey;
secretPath = actualSecretPath;
const { data } = await apiRequest.patch(`/api/v4/secrets/${secretKey}`, {
projectId,
environment,
Expand Down Expand Up @@ -163,6 +183,9 @@ export const useDeleteSecretV3 = ({

return useMutation<object, object, TDeleteSecretsV3DTO>({
mutationFn: async ({ secretPath = "/", type, environment, projectId, secretKey, secretId }) => {
const { actualSecretKey, actualSecretPath } = splitKeyAndPath(secretKey, secretPath);
secretKey = actualSecretKey;
secretPath = actualSecretPath;
const { data } = await apiRequest.delete(`/api/v4/secrets/${secretKey}`, {
data: {
projectId,
Expand Down