Secret values not getting updated
ssmall opened this issue
Which component:
Controller (helm chart 2.15.1)
Describe the bug
I have several secrets that are managed by SealedSecrets. The SealedSecret yaml is checked into a Git repository and then applied to my cluster by Argo CD. I am able to confirm that the encryptedData of the SealedSecret in the cluster matches what is stored in Git, and is different than the previous value. However, even after deleting the original (unsealed) secret and waiting for it to get re-created, the unsealed value is not updated to the new secret contents and is instead using the old secret value.
To Reproduce
I tried to rotate the secret values today using the following command:
kubectl create secret generic ${SECRET_NAME} \
  --from-file ${SECRET_FILE} \
  --dry-run=client \
  --namespace secrets \
  -o yaml |
  kubeseal --format yaml --merge-into ${SECRET_NAME}.yaml \
    --controller-name sealed-secrets \
    --controller-namespace sealed-secrets
and then checking the resulting ${SECRET_NAME}.yaml into my Git repo to be applied by ArgoCD.
I have also tried kubectl apply -f ${SECRET_NAME}.yaml with the same outcome.
Expected behavior
Unsealed secret is updated based on rotated sealed secret value.
Version of Kubernetes: 1.28
- Output of kubectl version:
  Client Version: v1.28.7
  Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
  Server Version: v1.28.5-gke.1200
Additional context
None
Solved my own problem here ... I had piped a kubectl annotate between the kubectl create and kubeseal commands that I did not realize was reading the current secret value from the cluster (instead of from stdin).
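A guard for the failure described in the resolution above, as an added example that is not part of the original issue or the sealed-secrets project: a pipeline stage that refuses to hand a manifest to kubeseal unless its data value is the base64 of the local file being rotated. The function name `check_secret_matches_file`, the annotation key and the sample values are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: guard stage for the create | annotate | kubeseal pipeline.
# Reads a Secret manifest (kubectl -o yaml output) on stdin and passes it
# through unchanged only if data.KEY is the base64 of FILE's current bytes.
check_secret_matches_file() {
  local key=$1 file=$2 manifest want got
  manifest=$(cat)
  # kubectl emits unwrapped base64; strip the line wrapping base64(1) may add.
  want=$(base64 < "$file" | tr -d '\n')
  # Pull the value of KEY from the top-level "data:" mapping only.
  got=$(printf '%s\n' "$manifest" | awk -v k="$key" '
    /^data:/  { in_data = 1; next }
    /^[^ ]/   { in_data = 0 }
    in_data && $1 == (k ":") { print $2; exit }')
  if [ -z "$got" ] || [ "$got" != "$want" ]; then
    echo "data.$key does not match $file; refusing to seal" >&2
    return 1
  fi
  printf '%s\n' "$manifest"
}

# Constructed demo: a manifest carrying a stale value, as an in-cluster read
# would return after the local file has been rotated.
demo() {
  local dir rc=0
  dir=$(mktemp -d)
  printf 'rotated-value' > "$dir/password"
  printf 'apiVersion: v1\ndata:\n  password: %s\nkind: Secret\n' \
    "$(printf 'old-value' | base64)" |
    check_secret_matches_file password "$dir/password" >/dev/null || rc=$?
  rm -rf "$dir"
  echo "stale manifest rejected: exit $rc"
}
demo

# Placement in the pipeline from the issue (annotation key is a placeholder;
# --local makes kubectl annotate work on stdin without contacting the API server):
#   set -o pipefail
#   kubectl create secret generic "$SECRET_NAME" --from-file "$SECRET_FILE" \
#     --dry-run=client --namespace secrets -o yaml |
#   kubectl annotate -f - --local -o yaml example.com/owner=placeholder |
#   check_secret_matches_file "$(basename "$SECRET_FILE")" "$SECRET_FILE" |
#   kubeseal --format yaml --merge-into "$SECRET_NAME.yaml" \
#     --controller-name sealed-secrets --controller-namespace sealed-secrets
```

With `set -o pipefail` the whole pipeline exits non-zero when the guard rejects the manifest, so a stale value never reaches Git.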