ambiguity in config fields: file names vs verbatim strings

[srenatus]

This came up discussing #3772: We're having a single field for keys that could either be file references, or verbatim secrets. The disambiguation happens by first attempting to pem.Decode it (if it succeeds, it's a priv key of some sort), then trying to open it as a file, and if that yields a "file not found" error, we'll take it as a verbatim secret key string.

The understanding from the discussion there was that the last part is to support HMAC secrets which are "plain strings", not PEM encoded of some sort. As a consequence, certain HMAC secrets are impossible to use, like "/dev/null" on UNIX-y platforms.

While it's very unlikely to cause any trouble, I think it would be nicer if we avoided this kind of ambiguity altogether. For any X that could come from a file or a verbatim string, it would be preferable to have two config keys, X_file and X or something like that 🤔

[ashutosh-narkar]

We could add a new option such as --signing-key-file to specify path of the file containing the private key and use the existing --signing-key for verbatim string. This would be a backward incompatible change.

[srenatus]

Sounds fair. We could also introduce warnings, so if a file was passed to --signing-key, we could warn and inform the user that at some point in the future, it will only work with --signing-key-file. After a few releases, we'll drop the support for file names passed via --signing-key.

[stale]

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days.