Clarify that syncing from a vault to a Kubernetes secret only works with secrets created by the SecretProviderClass instance

Azure / secrets-store-csi-driver-provider-azure

Azure Key Vault provider for Secret Store CSI driver allows you to get secret contents stored in Azure Key Vault instance and use the Secret Store CSI driver interface to mount them into Kubernetes pods.

https://azure.github.io/secrets-store-csi-driver-provider-azure/

MIT License

439 stars 193 forks source link

Clarify that syncing from a vault to a Kubernetes secret only works with secrets created by the SecretProviderClass instance #1620

Closed ejschoen closed 4 days ago

ejschoen commented 3 months ago

If secretObjects.secretName refers to a pre-existing secret, a pod configuration error is flagged because the secret is missing the key requested in the pod's env.<>.valueFrom.secretRef.key field. If the secret exists and the requested key exists, there is no error, but the vault value is not synced to the secret value.

It might help if the documentation for syncing to Kubernetes secrets explicitly states that the SPC must create the secret.

MostefaKamalLala commented 2 months ago

I think this is an interesting feature request, To avoid having multiple secrets, it woul be interesting to update an existing k8s secret object by appending a non existant key.

github-actions[bot] commented 1 week ago

This issue is stale because it has been open 14 days with no activity. Please comment or this will be closed in 7 days.

github-actions[bot] commented 4 days ago

This issue was closed because it has been stalled for 21 days with no activity. Feel free to re-open if you are experiencing the issue again.