Error Adding Userpass Users with Special Character Passwords

je...@anyperk.com

Nov 30, 2015, 2:33:42 PM
to Vault
When I attempt to add a user to the userpass auth backend via CLI, and that user has a special character in their password, I get the following error:

➜  ~  vault write auth/userpass/users/user2 password=@foo! policies=root
Error loading data: Invalid key/value pair 'password=@foo!': error reading file: open foo!: no such file or directory

Thanks,
Jesse DeRose

Jeff Mitchell

Dec 1, 2015, 12:17:11 AM
to vault...@googlegroups.com
Hi Jesse,

When using '@' at the beginning of an option it attempts to read the
value from a file.

It should work if you enclose "@foo!" in quotes (you may need single
quotes as opposed to double).

Thanks,
Jeff

je...@anyperk.com

Dec 1, 2015, 2:31:53 PM
to Vault
Hey Jeff,

Using single or double quotes did not work. 

➜  ~  vault write auth/userpass/users/user2 password='@foo!' policies=root

Error loading data: Invalid key/value pair 'password=@foo!': error reading file: open foo!: no such file or directory

➜  ~  vault write auth/userpass/users/user2 password="@foo!" policies=root
dquote>

I tried setting a password that did not start with other special characters (like '!foo') and that worked.

➜  ~  vault write auth/userpass/users/user2 password='!foo' policies=root
Success! Data written to: auth/userpass/users/user2

➜  ~  vault write auth/userpass/users/user2 password='%foo' policies=root
Success! Data written to: auth/userpass/users/user2

So maybe the "@" symbol just can't be the first character of the password?

Best,
Jesse DeRose

Brian Caldwell

Jul 24, 2016, 10:18:37 PM
to Vault
Hi Jesse,

Did you find a resolution to this issue?

Jeff Mitchell

Jul 24, 2016, 10:40:25 PM
to vault...@googlegroups.com

Hi Brian,

You can't use @ as the first character in an argument using the CLI as this tells it to read the value from a file. You can do it directly via the HTTP API however.

I suppose you could also put the value in a file and then use the @ notation to read the value starting with @ from the file :-D

Best,
Jeff


mehran.n...@gmail.com

Jun 29, 2017, 3:14:08 PM
to Vault
Hi Brian,
I don't know if this is still relevant to you. I had the same problem today. You can use '@' as the first character in an argument if you escape it.

PS C:\Users\u2983> vault write secret/appcred temppw=@VM!VwDJdlask%#2=B62
Error loading data: Invalid key/value pair 'temppw=@VM!VwDJd%#2=B62': error reading file: open VM!VwDJdlask%#2=B62: The system cannot find the file specified.

But the following works:
PS C:\Users\u2983> vault write secret/appcred temppw=\@VM!VwDJdlask%#2=B62
Success! Data written to: secret/appcred

Regards,
Mehran 
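
A simplified model of the argument rule described in this thread, added here as an example (it is not Vault's source code and was not posted by anyone in the thread). It shows why quoting alone does not help, why `\@` does, and how the file form carries a value that starts with `@`. The names `parseKV` and `viaFile` are hypothetical, and the sample password is the thread's `@foo!`.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// parseKV is a simplified model (not Vault's source) of the rule in this thread:
// a value starting with '@' names a file to read; a leading `\@` is a literal '@'.
func parseKV(arg string) (key, value string, err error) {
	parts := strings.SplitN(arg, "=", 2)
	if len(parts) != 2 {
		return "", "", fmt.Errorf("invalid key/value pair %q", arg)
	}
	key, value = parts[0], parts[1]
	switch {
	case strings.HasPrefix(value, "@"):
		data, rerr := os.ReadFile(value[1:])
		if rerr != nil {
			return "", "", fmt.Errorf("invalid key/value pair %q: error reading file: %w", arg, rerr)
		}
		value = string(data)
	case strings.HasPrefix(value, `\@`):
		value = value[1:] // drop the backslash, keep the '@'
	}
	return key, value, nil
}

// viaFile passes a constructed sample password through a 0600 temp file using '@file'.
func viaFile(password string) (string, error) {
	f, err := os.CreateTemp("", "pw")
	if err != nil {
		return "", err
	}
	defer os.Remove(f.Name())
	_, werr := f.WriteString(password)
	if cerr := f.Close(); werr != nil || cerr != nil {
		return "", fmt.Errorf("write temp file: %v, %v", werr, cerr)
	}
	_, value, err := parseKV("password=@" + f.Name())
	return value, err
}

func main() {
	_, _, err := parseKV("password=@foo!") // what the CLI sees once the shell strips quotes
	_, esc, _ := parseKV(`password=\@foo!`)
	file, _ := viaFile("@foo!")
	fmt.Printf("unescaped: %v\nescaped: %s\nfrom file: %s\n", err, esc, file)
}
```

In bash or zsh an unquoted backslash is consumed by the shell before the program runs, so the escaped form has to be quoted there, as in `password='\@foo!'`.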