problems with sharing a repo's encryption key #225

rauerhans opened this issue Aug 23, 2022 · 1 comment
Labels
bug Something isn't working

Summary

We were trying to share access to an encrypted deployment repository using plural crypto share as per https://docs.plural.sh/advanced-topics/security/secret-management#share-a-repo

It does not work as expected, though, as it's not possible for any other user (logged in correctly with the mentioned accounts) to clone and decrypt the repo.

Reproduction

With a deployment SA [email protected] we created the repo, and after installing the kubeflow-aws we followed the following steps:

setup:

dev2-at-onplural-sh on  main on ☁️  at-kf1 (eu-central-1) on ☁️   plural crypto setup-keys --name sharekey                 
Public key uploaded successfully

dev2-at-onplural-sh on  main on ☁️  at-kf1 (eu-central-1) on ☁️   plural crypto share --email [email protected]

dev2-at-onplural-sh on  main [!] on ☁️  at-kf1 (eu-central-1) on ☁️   plural crypto share --email [email protected]

dev2-at-onplural-sh on  main [!] on ☁️  at-kf1 (eu-central-1) on ☁️   git add .

dev2-at-onplural-sh on  main [+] on ☁️  at-kf1 (eu-central-1) on ☁️   git commit -m "share key"

dev2-at-onplural-sh on  main [⇡] on ☁️  at-kf1 (eu-central-1) on ☁️   git push                                              

On the other end the user [email protected] should have been able to decrypt the repo but that was unsuccessful:

(base) rosko@AT-NB-182:~/git_repos/kubesoup/dev2-at-onplural-sh$ plural crypto init
Creating git encryption filters

2022/08/23 17:47:26 no identity matched any of the recipients

There is also no public key listed in app.plural.sh after this process.


@rauerhans rauerhans added the bug Something isn't working label Aug 23, 2022

rauerhans commented Aug 24, 2022

Update:

After a first deployment of the plural bundle (kubeflow) we tried again with sharing the repo and we observed something curious.

Performing the following command we now saw indeed changes in the .plural-crypt/identities.yaml:

dev2-at-onplural-sh on  main [!] on ☁️  at-kf1 (eu-central-1) on ☁️   plural crypto share --email [email protected]  

This added an identity to .plural-crypt/identities.yaml:

repokey: xxx
identities:
- key: xxx
  email: [email protected]
- key: xxx
  email: [email protected]

This is probably expected behaviour. After pushing the generated changes to the remote repo Rostislav was indeed able to unlock the repo on his local clone performing plural crypto init and plural crypto unlock. So this worked, but only after a successful first deployment of the plural stack/workspace.

Now the curious bit.
I wanted to share the repo with my personal plural account as well (bear in mind I'm still using the SA). So I did the same step for me:

dev2-at-onplural-sh on  main [!] on ☁️  at-kf1 (eu-central-1) on ☁️   plural crypto share --email [email protected]   

I expected the identity to be added to the .plural-crypt/identities.yaml file, too, but it not only didn't add it, it also erased all previous entries except for the SA one.

repokey: xxx
identities:
- key: xxx
  email: [email protected]

I tried with the documented suggestion of multiple email addresses, too, but that had the same effect:

dev2-at-onplural-sh on  main [!] on ☁️  at-kf1 (eu-central-1) on ☁️   plural crypto share --email [email protected] --email [email protected]

For all of the steps I was logged in as the SA we used for the deployment:

dev2-at-onplural-sh on  main [!?] on ☁️  at-kf1 (eu-central-1) on ☁️plural profile show
apiVersion: platform.plural.sh/v1alpha1
kind: Config
metadata:
  name: dev2.at
spec:
  email: [email protected]
  token: plrl-xxxxxxxxx
  namespacePrefix: ""
  endpoint: ""
  lockProfile: ""
  reportErrors: true

Plural CLI version used:

dev2-at-onplural-sh on  main on ☁️  at-kf1 (eu-central-1) on ☁️plural version
Plural CLI:
  Version: v0.4.4-60-gf9ab40e
  Git Commit: f9ab40e
  Compiled At: 2022-08-24 14:25:45.874807 +0200 CEST m=+0.034057539
  OS: darwin
  Arch: amd64

@rauerhans rauerhans reopened this Aug 24, 2022
@davidspek davidspek transferred this issue from pluralsh/plural Sep 16, 2022
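
A guard for the behaviour reported above, where `plural crypto share` rewrote `.plural-crypt/identities.yaml` and dropped existing recipients. This is an added example, not part of the issue or of the Plural CLI; it assumes the `identities.yaml` layout quoted in the issue, and the function names and e-mail addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the Plural CLI. Assumes the identities.yaml layout
# quoted in the issue: a list of entries, each with "key:" and "email:" fields.

# Print the recipient e-mail addresses in an identities.yaml file, sorted.
list_recipients() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "email:") print $(i + 1) }' "$1" | sort -u
}

# Print recipients that are in the old file ($1) but missing from the new one ($2).
dropped_recipients() {
  new_list=$(list_recipients "$2")
  list_recipients "$1" | while IFS= read -r addr; do
    printf '%s\n' "$new_list" | grep -Fxq -- "$addr" || printf '%s\n' "$addr"
  done
}

# Succeed only if every old recipient is still present; list losses on stderr.
check_share() {
  lost=$(dropped_recipients "$1" "$2")
  [ -z "$lost" ] && return 0
  printf 'recipients removed from %s:\n%s\n' "$2" "$lost" >&2
  return 1
}

# Demo on constructed data mirroring the issue (addresses are made up).
demo() {
  dir=$(mktemp -d)
  cat > "$dir/before.yaml" <<'EOF'
repokey: xxx
identities:
- key: xxx
  email: deploy-sa@example.com
- key: xxx
  email: colleague@example.com
EOF
  cat > "$dir/after.yaml" <<'EOF'
repokey: xxx
identities:
- key: xxx
  email: deploy-sa@example.com
EOF
  if check_share "$dir/before.yaml" "$dir/after.yaml"; then
    echo "OK: no recipient lost"
  else
    echo "FAIL: share dropped existing recipients"
  fi
  rm -rf "$dir"
}
demo
```

In a real checkout, save the committed copy with `git show HEAD:.plural-crypt/identities.yaml > /tmp/before.yaml` and run `check_share /tmp/before.yaml .plural-crypt/identities.yaml` before committing the result of a share.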