mirrors/sops-nix
mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-05 08:07:16 +00:00
Code Activity

template rendering should only read referenced secrets

Browse source 
Adds an extra check to determine if the placeholder ocurrs in template
content before actually reading the corresponding secret file.
In terms of performance, this adds an extra string search, but removes
possibly unneceassary file reading if the secret is not used in the
template, though both of them should be negligible in most cases.
Fixes Mic92/sops-nix#496.
This commit is contained in:
DDoSolitary 2024-02-19 16:28:05 +08:00 committed by mergify[bot]
parent ffed177a9d
commit f805f3061a
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
modules/sops/templates/subs.py
View file

@ -10,8 +10,9 @@ def substitute(target: str, subst: str) -> str:
for pair in subst_pairs:
placeholder, path = pair.split()
with open(path) as f:
content = content.replace(placeholder, f.read())
if placeholder in content:
with open(path) as f:
content = content.replace(placeholder, f.read())
return content