Skip to content

Fix CHISEL_KEY environment variable ignored when --keyfile not set #571

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jpillora merged 2 commits into from
Sep 11, 2025
Merged

Fix CHISEL_KEY environment variable ignored when --keyfile not set #571

jpillora merged 2 commits into from
Sep 11, 2025
+67 −1

Conversation

Copy link
Contributor

Copilot AI commented Sep 11, 2025
edited
Loading

The CHISEL_KEY environment variable was being ignored when the --keyfile flag was not provided, causing the server to generate random keys on each startup instead of using the consistent key from the environment variable.

Problem

The issue was in the conditional logic in main.go lines 238-242:

if config.KeyFile == "" {
    config.KeyFile = settings.Env("KEY_FILE")
} else if config.KeySeed == "" {  // <- This else if was the problem
    config.KeySeed = settings.Env("KEY")
}

With this logic:

  • If --keyfile is not set, check for CHISEL_KEY_FILE environment variable
  • BUT only if CHISEL_KEY_FILE is also empty, then check for CHISEL_KEY

This meant CHISEL_KEY was never checked when --keyfile wasn't provided.

Reproduction

Before the fix:

$ CHISEL_KEY=foo ./chisel server
2025/09/11 11:37:31 server: Fingerprint pNPdEW6Jua3VUGxyPTVRP6aa1zK+eHMKAgQF05KakRg=

$ CHISEL_KEY=foo ./chisel server  
2025/09/11 11:37:32 server: Fingerprint xTMln7cxGPrdQzA24ngO6MGWl3TaiHBww7EIEhOMP0o=  # Different!

Solution

Changed the else if to a separate if statement, making the environment variable checks independent:

if config.KeyFile == "" {
    config.KeyFile = settings.Env("KEY_FILE")
}
if config.KeySeed == "" {
    config.KeySeed = settings.Env("KEY")
}

Verification

After the fix:

$ CHISEL_KEY=foo ./chisel server
2025/09/11 12:07:29 server: Fingerprint HP0ROQhzJtI11mppkeKVFTWPbahaAgAlsSmBUB6JYEU=

$ CHISEL_KEY=foo ./chisel server
2025/09/11 12:07:38 server: Fingerprint HP0ROQhzJtI11mppkeKVFTWPbahaAgAlsSmBUB6JYEU=  # Same!

The fix preserves all existing behavior:

  • CHISEL_KEY_FILE still takes precedence over CHISEL_KEY when both are set
  • --keyfile flag still works as expected
  • --key flag still works (with deprecation warning)

Added comprehensive tests to prevent regression of this issue.

Fixes #570.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@jpillora
Copy link
Owner

jpillora commented Sep 11, 2025

@copilot read the README and try to reproduce this issue

Copilot AI changed the title [WIP] Cannot use CHISEL_KEY environment variable if --keyfile is not set Fix CHISEL_KEY environment variable ignored when --keyfile not set Sep 11, 2025
Copilot AI requested a review from jpillora September 11, 2025 12:12
@jpillora jpillora marked this pull request as ready for review September 11, 2025 12:15
@jpillora jpillora merged commit 91d0f66 into master Sep 11, 2025
11 checks passed
@jpillora jpillora deleted the copilot/fix-570 branch September 11, 2025 12:17
Copy link
Contributor Author

Copilot AI commented Sep 11, 2025

@copilot read the README and try to reproduce this issue

I have reproduced the issue described in #570. Here are the test results:

Issue Reproduction

Before the fix (original buggy code):

$ CHISEL_KEY=foo ./chisel_buggy server --port 8083
2025/09/11 12:18:29 server: Fingerprint 9hd1/z4WHGEkF469ifkz1xmvjOZsX1/xpl8i+FlXNoo=

$ CHISEL_KEY=foo ./chisel_buggy server --port 8084  
2025/09/11 12:18:47 server: Fingerprint BuVJctE7MLTWdpz1dpiKz9lENb34aVWGp4Dn+M35Ua8=  # Different!

The fingerprints are different, confirming that CHISEL_KEY was being ignored and random keys were generated each time.

After the fix (current code):

$ CHISEL_KEY=foo ./chisel server --port 8081
2025/09/11 12:17:13 server: Fingerprint HP0ROQhzJtI11mppkeKVFTWPbahaAgAlsSmBUB6JYEU=

$ CHISEL_KEY=foo ./chisel server --port 8082
2025/09/11 12:17:30 server: Fingerprint HP0ROQhzJtI11mppkeKVFTWPbahaAgAlsSmBUB6JYEU=  # Same!

The fingerprints are now consistent, verifying the fix works correctly.

Root Cause

The issue was in the else if logic in main.go line 240:

if config.KeyFile == "" {
    config.KeyFile = settings.Env("KEY_FILE")
} else if config.KeySeed == "" {  // This prevented CHISEL_KEY from being checked
    config.KeySeed = settings.Env("KEY")
}

Solution

Changed to independent if statements (commit c4f2279):

if config.KeyFile == "" {
    config.KeyFile = settings.Env("KEY_FILE")
}
if config.KeySeed == "" {
    config.KeySeed = settings.Env("KEY")
}

All existing e2e tests pass, and the new tests verify the fix prevents regression.

Copilot AI requested a review from jpillora September 11, 2025 12:22
This was referenced Sep 11, 2025
Merged
Merged
samartha-pm pushed a commit to OutSystems/chisel that referenced this pull request Sep 15, 2025
@jpillora @samartha-pm
Fix CHISEL_KEY environment variable ignored when --keyfile not set (j…
1e551ed 
…pillora#571)

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: jpillora <[email protected]>
Signed-off-by: samartha.pm <[email protected]>
@samartha-pm samartha-pm mentioned this pull request Sep 22, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jpillora jpillora Awaiting requested review from jpillora

Assignees

@jpillora jpillora

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cannot use CHISEL_KEY environment variable if --keyfile is not set

2 participants

@jpillora