Decrypting binaries

[adamhealthhero]

Not getting desired results when decrypting binary files.

creating a binary file and encrypting it

dd if=/dev/urandom of=randomfile bs=1024 count=2
sops -e --azure-kv $SOPS_KEY randomfile > encfile
sha512sum randomfile
db61e16c228c9d7d4a18832310cef488201ab0675fa641e78f2fa4be2f3ca13798ef2810fa79b691db0e78ee04f18007f6965baab9a4c5068f03102fd5c184c0  randomfile

In terraform:

data "sops_file" "test" {
  source_file = "encfile"
  input_type  = "raw"
}

resource "local_file" "randomfile" {
  content  = data.sops_file.test.raw
  filename = "decodedfile"
}

file decoded and written out to file

72a5d72f08e5deda71c8e137b24b9df8394e6396af55de69f1bb768eb5220c00ac721d3f3e62c0d9e22e50e0745562dd2cbc15c744672c800129145517097de6  decodedfile

Credentials are supplied by using the environment vars AZURE_TENANT_ID, AZURE_CLIENT_ID,AZURE_CLIENT_SECRET;
SOPS_KEY is the full url to the secret used to encrypt the file.

Using sops manually results in the correct decryption

sops -d --extract '["data"]' --azure-kv $SOPS_KEY encfile > dencfile
db61e16c228c9d7d4a18832310cef488201ab0675fa641e78f2fa4be2f3ca13798ef2810fa79b691db0e78ee04f18007f6965baab9a4c5068f03102fd5c184c0  dencfile

[carlpett]

Hi @adamhealthhero,
Somehow I missed this when it was opened, sorry about that.

Looking at this now, though, I'm unable to reproduce your results. There's also a unit test checking this (although not specifically writing it to local_file). Can you still reproduce this?