vault-editor prints an error because it tries to add and remove test credentials to the keychain (and there is an unnecessary dbus dependency?) #512

Open
simonfelding opened this issue Dec 12, 2024 · 2 comments

simonfelding commented Dec 12, 2024

Issue tracker is ONLY used for reporting bugs with technical details. "It doesn't work" or new features should be discussed with our customer support. Please use bug report function in Bridge or contact [email protected].

I'm trying to run protonmail-bridge in a container, and I want to use vault-editor to modify the settings in the vault.enc file.

I'm doing the following before starting protonmail-bridge to make sure things are as expected:

    /protonmail/vault-editor read | \
    jq '.Settings.AutoUpdate = (env.PROTONMAIL_AutoUpdate | if . == "true" then true else false end)
    | .Settings.TelemetryDisabled = (env.PROTONMAIL_TelemetryDisabled | if . == "true" then true else false end)
    | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
    | .Settings.Autostart = false
    | .Settings.SMTPPort = 1025
    | .Settings.IMAPPort = 1143 ' \
    | /protonmail/vault-editor write

Expected Behavior

I expect that vault-editor read outputs json to stdout, and vault-editor write takes json from stdin and saves it to the vault.enc file.

Current Behavior

I get this when vault-editor read is run:

    level=warning msg="Failed to add test credentials to keychain" error="failed to open dbus connection: exec: \"dbus-launch\": executable file not found in $PATH" helper="*keychain.SecretServiceDBusHelper"
    level=info msg="Keychain is usable." keychain=Pass

I do not have dbus installed in my docker image, and why should I? I don't need to add test credentials?
It does output the json data just fine though.

When the result is piped to vault-editor write, I get the following messages:

    level=warning msg="Failed to delete test credentials from keychain" error="exit status 1: Error: docker-credential-helpers/YnJpZGdlL2NoZWNr is not in the password store.\n" helper="*pass.Pass"
    level=error msg="Could not load/create vault key" error="could not create keychain: no keychain"

Possible Solution

Stop trying to add the docker credential helper and remove the dbus dependency if it isn't needed.

OR

Allow the use of environment variables to override the settings without having to rely on vault-editor.

OR

Stop using vault-editor and just rely on standard tooling to encrypt and decrypt files, like GPG or age.

Steps to Reproduce

  1. With protonmail set up using gpg and Pass, run the following command:
    /protonmail/vault-editor read | \
    jq '.Settings.AutoUpdate = true
    | .Settings.TelemetryDisabled = false
    | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
    | .Settings.Autostart = false
    | .Settings.SMTPPort = 1025
    | .Settings.IMAPPort = 1143 ' \
    | /protonmail/vault-editor write

Note: It can be reproduced using this container (with already prepared data mounted in /root). See /protonmail/entrypoint.sh.

Version Information

3.15.1+git

Context (Environment)

I'm trying to run the protonmail-bridge in Kubernetes.

Detailed Description

Possible Implementation

simonfelding changed the title from "vault-editor is unstable because it tries to add and remove test credentials to the keychain (and there is an unnecessary dbus dependency?)" to "vault-editor prints an error because it tries to add and remove test credentials to the keychain (and there is an unnecessary dbus dependency?)" on Dec 12, 2024
@simonfelding
Author

Okay turns out it actually does work, it just prints an error even though it doesn't fail.

@simonfelding
Author

Strangely, this works as expected if the output of jq is not piped to vault-editor write.
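
The pipeline in this report starts `vault-editor read`, `jq` and `vault-editor write` at the same time, and a failing `jq` filter would still hand empty input to `write`. The sketch below is an added example, not part of the issue thread or Proton's code: it stages the same edit sequentially through private temp files. The function name `vault_edit_staged` is hypothetical, and that running the steps one after another avoids the keychain warnings is an assumption based on the last comment, not something the page confirms.

```shell
#!/bin/sh
# Added example (not Proton's code). Runs "<editor> read", a transform and
# "<editor> write" strictly one after another instead of as a pipeline.
#
# Usage with the filter style from the issue:
#   vault_edit_staged /protonmail/vault-editor jq '.Settings.Autostart = false'
#
# Exit codes: 0 ok, 1 no temp dir, 2 read failed, 3 transform failed, 4 write failed.
vault_edit_staged() {
    (
        editor=$1; shift               # remaining arguments are the transform command
        umask 077                      # staged files readable only by this user
        dir=$(mktemp -d) || exit 1
        trap 'rm -rf "$dir"' EXIT      # drop the decrypted copies when the subshell exits

        # Step 1: the reader runs to completion before anything else starts.
        "$editor" read > "$dir/old.json" || { echo "read failed" >&2; exit 2; }
        [ -s "$dir/old.json" ] || { echo "read produced no output" >&2; exit 2; }

        # Step 2: transform. In the piped form a failing filter still lets
        # "write" run on empty stdin; here the edit is abandoned instead.
        "$@" < "$dir/old.json" > "$dir/new.json" || { echo "transform failed" >&2; exit 3; }
        [ -s "$dir/new.json" ] || { echo "transform produced no output" >&2; exit 3; }

        # Step 3: only now is the writer started, with complete input on stdin.
        "$editor" write < "$dir/new.json" || { echo "write failed" >&2; exit 4; }
        exit 0
    )
}
```

Warnings that `vault-editor` logs during its own keychain check are not filtered by this wrapper; only the tool's exit status decides whether the next step runs.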
