From 42df8b2909577205b6ce2ea04cf1c577c7d91097 Mon Sep 17 00:00:00 2001
From: Jon Michael Aanes <jonjmaa@gmail.com>
Date: Mon, 8 Jul 2024 00:27:21 +0200
Subject: [PATCH] Only return first line

---
 secret_loader/__init__.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/secret_loader/__init__.py b/secret_loader/__init__.py
index de938d8..2d42bcc 100644
--- a/secret_loader/__init__.py
+++ b/secret_loader/__init__.py
@@ -24,6 +24,24 @@ Secret loading order:
    locally, and configuration of the `PASS_STORE_SUBFOLDER` through one of the above
    methods.
 4. Vault instance if configured. Suited for production environments.
+
+## TODO
+
+- [ ] Mlock secrets to prevent leakage to swap file.
+- [ ] Wrap secrets in intelligent strings:
+    * Instead of returning None on unloaded, return UnknownSecret, that produce
+      error when formatted.
+    * `repr(secret)` should not include contents, but only the secret and how
+      it was loaded.
+    * Methods on `Secret` should be kept minimal.
+- [ ] Vault:
+  * [ ] Ensure vault code path works.
+  * [ ] Document usage and requirements.
+
+## License
+
+Copyright 2024 Jon Michael Aanes.
+All rights reserved.
 """
 import logging
 import os
@@ -120,7 +138,11 @@ class SecretLoader:
         process = subprocess.run(cmd, capture_output =  True)
         if process.returncode:
             return None
-        return process.stdout.decode('utf8')
+
+        password_file = process.stdout.decode('utf8')
+        for line in password_file.split('\n'):
+            return line
+        return None
 
     def _load_or_none_vault(self, env_key: str) -> str | None:
         if self.vault_client is None: