pass: Use pass executable path from _get_pass_exec()

2025-04-16 09:40:20 +00:00 · 2022-05-30 15:02:34 +02:00 · 2022-05-30 15:02:34 +02:00 · b327996cf5
commit b327996cf5
parent 4813a9f533
2 changed files with 4 additions and 2 deletions
--- a/changelog/62120.fixed
+++ b/changelog/62120.fixed
@ -1,3 +1,4 @@
+Pass executable path from _get_path_exec() is used when calling the program.
 The $HOME env is no longer modified globally.
 Only trailing newlines are stripped from the fetched secret.
 Pass process arguments are handled in a secure way.
--- a/salt/renderers/pass.py
+++ b/salt/renderers/pass.py
@ -75,13 +75,15 @@ def _fetch_secret(pass_path):
    Fetch secret from pass based on pass_path. If there is
    any error, return back the original pass_path value
    """
+    pass_exec = _get_pass_exec()
+
    # Make a backup in case we want to return the original value without stripped whitespaces
    original_pass_path = pass_path

    # Remove whitespaces from the pass_path
    pass_path = pass_path.strip()

-    cmd = ["pass", "show", pass_path]
+    cmd = [pass_exec, "show", pass_path]
    log.debug("Fetching secret: %s", " ".join(cmd))

    # Make sure environment variable HOME is set, since Pass looks for the
@ -119,5 +121,4 @@ def render(pass_info, saltenv="base", sls="", argline="", **kwargs):
    """
    Fetch secret from pass based on pass_path
    """
-    _get_pass_exec()
    return _decrypt_object(pass_info)