
This is one of the weirdest things I've seen in my career...

I have the following:

```powershell
$string="$($VAULT_SETTINGS.SECRETS_ENGINE_PATH)/$($VAULT_SETTINGS.SECRETS_SOLUTION_NAME)/Database__ConnectionString default=`"Server=$($DB_SETTINGS.SERVICE_NAME);Initial Catalog=$($DB_SETTINGS.InitialCatalog);User=$($DB_SETTINGS.DbUser);Password=$($DB_SETTINGS.DbPassword);MultipleActiveResultSets=True;Application Name=$($DB_SETTINGS.APPLICATION_NAME);Encrypt=True;Connection Timeout=180`""
docker exec $($VAULT_SETTINGS.SERVICE_NAME) vault kv put $string

$string="$($VAULT_SETTINGS.SECRETS_ENGINE_PATH)/$($VAULT_SETTINGS.SECRETS_SOLUTION_NAME)/Database__ConnectivityConnectionString default=`"Server=$($DB_SETTINGS.SERVICE_NAME);User=$($DB_SETTINGS.DbUser);Password=$($DB_SETTINGS.DbPassword);MultipleActiveResultSets=True;Application Name=$($DB_SETTINGS.APPLICATION_NAME);Encrypt=True;Connection Timeout=180`""
docker exec $($VAULT_SETTINGS.SERVICE_NAME) vault kv put $string
```

The variables are alphanumeric, no spaces or symbols. It's running Hashicorp latest vault and docker 20.10.17, fully patched Windows 11. The first invocation works ok (edit: it doesn't), but the second one returns 500.

I spent the whole afternoon on this and found out that if I add a space to Us er or Pass word to the 2nd invocation, for example:

```powershell
$string="$($VAULT_SETTINGS.SECRETS_ENGINE_PATH)/$($VAULT_SETTINGS.SECRETS_SOLUTION_NAME)/Database__ConnectivityConnectionString default=`"Server=$($DB_SETTINGS.SERVICE_NAME);Us er=$($DB_SETTINGS.DbUser);Password=$($DB_SETTINGS.DbPassword);MultipleActiveResultSets=True;Application Name=$($DB_SETTINGS.APPLICATION_NAME);Encrypt=True;Connection Timeout=180`""
```

Then the second invocation works fine.

HOWEVER: If I do a `Write-Host "docker exec $($VAULT_SETTINGS.SERVICE_NAME) vault kv put $string"`, copy-paste the results and run it, it runs fine.

Any ideas?

Solution

After 4 hours of pain, I found out that putting everything in quotes was creating two keys per request in hashicorp, splitting them at the first semicolon. Even the first example was broken. So here is the solution:

```powershell
$string="Server=$($DB_SETTINGS.SERVICE_NAME);User=$($DB_SETTINGS.DbUser);Password=$($DB_SETTINGS.DbPassword);MultipleActiveResultSets=True;Application Name=$($DB_SETTINGS.APPLICATION_NAME);Encrypt=True;Connection Timeout=180"
docker exec $($VAULT_SETTINGS.SERVICE_NAME) vault kv put "$($VAULT_SETTINGS.SECRETS_ENGINE_PATH)/$($VAULT_SETTINGS.SECRETS_SOLUTION_NAME)/Database__ConnectivityConnectionString" default="$string"
```

Now, for example, why I must put `$string` in quotes in the invocation, I don't know. Now it works, but I really don't know why.

Shiunbird
  • Does the path exist? `Database__ConnectivityConnectionString` Are you missing a forward slash in the path? – jdweng Oct 19 '22 at 16:01
  • The sad reality up to at least PowerShell 7.2.x is that an _extra, manual_ layer of `\`-escaping of embedded `"` characters is required in arguments passed to _external programs_. This _may_ get fixed in a future version, which _may_ require opt-in. See the linked duplicate for details. – mklement0 Oct 19 '22 at 16:05
  • In concrete terms: change `` `" `` to `` \`" `` (sic) inside your `"..."` string. – mklement0 Oct 19 '22 at 16:05

0 Answers
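An added example, not part of the original question or its comments: one way to pass the path and the `key=value` pair as separate arguments with no embedded quote characters, then read the field back so a truncated or split value is caught instead of stored silently. `Set-VaultSecretChecked` is a hypothetical helper name; `$VAULT_SETTINGS` and `$DB_SETTINGS` are assumed to be defined as in the question, and the value is assumed to contain no `"` characters or trailing newline.

```powershell
# Added example; Set-VaultSecretChecked is a hypothetical helper, not a Vault or Docker cmdlet.
function Set-VaultSecretChecked {
    param(
        [Parameter(Mandatory)] [string] $Container,  # container running Vault
        [Parameter(Mandatory)] [string] $Path,       # KV path of the secret
        [Parameter(Mandatory)] [string] $Key,        # field name, e.g. 'default'
        [Parameter(Mandatory)] [string] $Value       # raw value, no embedded quotes
    )

    # One array element per argument: the path is one argument and
    # "key=value" is another, so no quote characters travel inside the data.
    $putArgs = @('exec', $Container, 'vault', 'kv', 'put', $Path, "$Key=$Value")
    & docker @putArgs | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "vault kv put failed with exit code $LASTEXITCODE"
    }

    # Read the single field back and compare it with what was sent.
    $getArgs = @('exec', $Container, 'vault', 'kv', 'get', "-field=$Key", $Path)
    $stored = (& docker @getArgs) -join "`n"
    if ($LASTEXITCODE -ne 0) {
        throw "vault kv get failed with exit code $LASTEXITCODE"
    }

    # Case-sensitive comparison; the message deliberately omits the secret itself.
    if ($stored -cne $Value) {
        throw "Value stored under '$Key' at '$Path' differs from the value sent"
    }
}

# Usage with the variables from the question (assumed to be defined already).
$connStr = "Server=$($DB_SETTINGS.SERVICE_NAME);User=$($DB_SETTINGS.DbUser);" +
           "Password=$($DB_SETTINGS.DbPassword);MultipleActiveResultSets=True;" +
           "Application Name=$($DB_SETTINGS.APPLICATION_NAME);Encrypt=True;Connection Timeout=180"
$secretPath = "$($VAULT_SETTINGS.SECRETS_ENGINE_PATH)/$($VAULT_SETTINGS.SECRETS_SOLUTION_NAME)/Database__ConnectivityConnectionString"

Set-VaultSecretChecked -Container $VAULT_SETTINGS.SERVICE_NAME -Path $secretPath -Key 'default' -Value $connStr
```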