bitnami-labs / sealed-secrets

A Kubernetes controller and tool for one-way encrypted Secrets

Home Page: https://sealed-secrets.netlify.app/

Secret values not getting updated

ssmall opened this issue · comments

Which component:
Controller (helm chart 2.15.1)

Describe the bug
I have several secrets that are managed by SealedSecrets. The SealedSecret yaml is checked into a Git repository and then applied to my cluster by Argo CD. I am able to confirm that the encryptedData of the SealedSecret in the cluster matches what is stored in Git, and is different than the previous value. However, even after deleting the original (unsealed) secret and waiting for it to get re-created, the unsealed value is not updated to the new secret contents and is instead using the old secret value.

To Reproduce
I tried to rotate the secret values today using the following command:

kubectl create secret generic ${SECRET_NAME} \
    --from-file ${SECRET_FILE} \
    --dry-run=client \
    --namespace secrets \
    -o yaml |
kubeseal --format yaml --merge-into ${SECRET_NAME}.yaml \
    --controller-name sealed-secrets \
    --controller-namespace sealed-secrets

and then checking the resulting ${SECRET_NAME}.yaml into my Git repo to be applied by ArgoCD.

I have also tried kubectl apply -f ${SECRET_NAME}.yaml with the same outcome.

Expected behavior
Unsealed secret is updated based on rotated sealed secret value.

Version of Kubernetes: 1.28

  • Output of kubectl version:
Client Version: v1.28.7
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.5-gke.1200

Additional context

None

Solved my own problem here ... I had piped a kubectl annotate between the kubectl create and kubeseal commands that I did not realize was reading the current secret value from the cluster (instead of from stdin).
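The pitfall in the comment above is that `kubectl annotate secret NAME ...` addresses the live object in the cluster and ignores stdin, so the sealed value comes from the old Secret. The pipeline below is an added example, not the reporter's or the project's code: it assumes kubectl and kubeseal are on PATH and the controller name and namespace from the issue, and the `rotated-at` annotation is a constructed placeholder. `kubectl annotate --local -f - -o yaml` rewrites the YAML arriving on stdin without contacting the API server, so the annotation is added to the freshly generated Secret and kubeseal seals the new value.

```shell
#!/bin/sh
# Added example (not from the issue or the sealed-secrets project).
# Assumes: kubectl and kubeseal installed; controller "sealed-secrets" in
# namespace "sealed-secrets" as in the issue; the "rotated-at" annotation is
# a constructed placeholder for whatever annotation you actually need.
#
# Usage: seal_rotated_secret NAME SECRET_FILE [OUTPUT_YAML]
seal_rotated_secret() {
  name="$1"; file="$2"; out="${3:-$1.yaml}"
  for tool in kubectl kubeseal; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing $tool" >&2; return 127; }
  done
  # 1. Generate the Secret locally; --dry-run=client never touches the cluster.
  kubectl create secret generic "$name" \
      --from-file "$file" \
      --dry-run=client \
      --namespace secrets \
      -o yaml \
  | kubectl annotate --local -f - -o yaml \
      rotated-at="$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
  | kubeseal --format yaml --merge-into "$out" \
      --controller-name sealed-secrets \
      --controller-namespace sealed-secrets
  # 2. --local -f - annotates the YAML on stdin (the NEW value) instead of the
  #    stored Secret; annotations on the input Secret end up in the
  #    SealedSecret's spec.template.metadata.
  # 3. kubeseal reads the annotated Secret from stdin and merges the
  #    re-encrypted values into the existing sealed file for Git.
}
```

Before committing, diff the `encryptedData` block of the output against the previous revision: every rotated key should show a new ciphertext, which is the check the reporter used to confirm what had reached the cluster.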