From 074d4a1a2ae2c70dcee4bba2d58866c60a483682 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Tue, 10 Feb 2026 14:51:22 -0800 Subject: [PATCH] Fix op item get --fields usage in mise tasks Replace with op read to prevent multi-line secret value corruption, matching the convention documented in CLAUDE.md and #143. Co-Authored-By: Claude Opus 4.6 --- docs/changelog.d/feature-unifi-pulumi.bugfix.md | 1 + mise-tasks/dns-preview | 2 +- mise-tasks/dns-up | 2 +- mise-tasks/tailnet-preview | 4 ++-- mise-tasks/tailnet-up | 4 ++-- 5 files changed, 7 insertions(+), 6 deletions(-) create mode 100644 docs/changelog.d/feature-unifi-pulumi.bugfix.md diff --git a/docs/changelog.d/feature-unifi-pulumi.bugfix.md b/docs/changelog.d/feature-unifi-pulumi.bugfix.md new file mode 100644 index 0000000..015a6ed --- /dev/null +++ b/docs/changelog.d/feature-unifi-pulumi.bugfix.md @@ -0,0 +1 @@ +Replace `op item get --fields` with `op read` in all mise tasks (tailnet-up, tailnet-preview, dns-up, dns-preview) to prevent multi-line secret corruption. diff --git a/mise-tasks/dns-preview b/mise-tasks/dns-preview index be7b9e0..2591640 100755 --- a/mise-tasks/dns-preview +++ b/mise-tasks/dns-preview @@ -3,7 +3,7 @@ set -euo pipefail -GANDI_PERSONAL_ACCESS_TOKEN=$(op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get mco6ka3dc3rmw7zkg2dhia5d2m --fields pat --reveal) +GANDI_PERSONAL_ACCESS_TOKEN=$(op read "op://blumeops/gandi - blumeops/pat") export GANDI_PERSONAL_ACCESS_TOKEN cd "$(dirname "$0")/../pulumi/gandi" diff --git a/mise-tasks/dns-up b/mise-tasks/dns-up index 2be5abb..55f786a 100755 --- a/mise-tasks/dns-up +++ b/mise-tasks/dns-up @@ -3,7 +3,7 @@ set -euo pipefail -GANDI_PERSONAL_ACCESS_TOKEN=$(op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get mco6ka3dc3rmw7zkg2dhia5d2m --fields pat --reveal) +GANDI_PERSONAL_ACCESS_TOKEN=$(op read "op://blumeops/gandi - blumeops/pat") export GANDI_PERSONAL_ACCESS_TOKEN cd "$(dirname "$0")/../pulumi/gandi" diff --git a/mise-tasks/tailnet-preview b/mise-tasks/tailnet-preview index 3df1369..8a39842 100755 --- a/mise-tasks/tailnet-preview +++ b/mise-tasks/tailnet-preview @@ -3,9 +3,9 @@ set -euo pipefail -TAILSCALE_OAUTH_CLIENT_ID=$(op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get wi6bkf7bcccwfy4eu776ab4p4u --fields client_id) +TAILSCALE_OAUTH_CLIENT_ID=$(op read "op://blumeops/tailscale - blumeops/client_id") export TAILSCALE_OAUTH_CLIENT_ID -TAILSCALE_OAUTH_CLIENT_SECRET=$(op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get wi6bkf7bcccwfy4eu776ab4p4u --fields client_secret --reveal) +TAILSCALE_OAUTH_CLIENT_SECRET=$(op read "op://blumeops/tailscale - blumeops/client_secret") export TAILSCALE_OAUTH_CLIENT_SECRET export TAILSCALE_TAILNET="tail8d86e.ts.net" diff --git a/mise-tasks/tailnet-up b/mise-tasks/tailnet-up index 882fada..7f36d93 100755 --- a/mise-tasks/tailnet-up +++ b/mise-tasks/tailnet-up @@ -3,9 +3,9 @@ set -euo pipefail -TAILSCALE_OAUTH_CLIENT_ID=$(op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get wi6bkf7bcccwfy4eu776ab4p4u --fields client_id) +TAILSCALE_OAUTH_CLIENT_ID=$(op read "op://blumeops/tailscale - blumeops/client_id") export TAILSCALE_OAUTH_CLIENT_ID -TAILSCALE_OAUTH_CLIENT_SECRET=$(op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get wi6bkf7bcccwfy4eu776ab4p4u --fields client_secret --reveal) +TAILSCALE_OAUTH_CLIENT_SECRET=$(op read "op://blumeops/tailscale - blumeops/client_secret") export TAILSCALE_OAUTH_CLIENT_SECRET export TAILSCALE_TAILNET="tail8d86e.ts.net"