DopplerHQ / kubernetes-operator

Apache License 2.0

The operator should allow arbitrary string->string mappings for secrets #60

Closed miskr-instructure closed 5 months ago

miskr-instructure commented 5 months ago

Problem: if the desired secret key cannot be produced via any existing nameTransformer, then DopplerSecret cannot be used to sync the secrets to Kubernetes. Example: the secret key string `tls.cert` cannot be produced with any nameTransformer from a Doppler secret name.

It should be possible to provide a string-to-string mapping of `<doppler_upper_snake_case_name>` to `<arbitrary_string>` so that any secret can be populated.

Example of what I'd suggest:

```yaml
apiVersion: secrets.doppler.com/v1alpha1
kind: DopplerSecret
metadata:
  name: dopplersecret-test
  namespace: doppler-operator-system
spec:
  tokenSecret:
    name: doppler-token-secret
  # doppler-side secret names cannot contain ":" so it could be used to segment the list entries:
  secrets:
    # directly map "VAR1" from doppler to key "something.totally.different" in the kubernetes secret object
    - 'VAR1:something.totally.different'
  managedSecret:
    name: doppler-test-secret
    namespace: default
```

watsonian commented 5 months ago

@miskr-instructure I believe what you're looking for here is possible with processors. Notably from the docs:

You can also override the default name that's used when creating the secret in Kubernetes. By default, it will use the same uppercase secret name found in Doppler. To adjust this, add the asName parameter to the processor:

```yaml
processors:
  # Doppler secret name on the left, Kubernetes Secret key (asName) on the right
  PKCS12_CERT:
    type: base64
    asName: tls.crt
  PKCS12_KEY:
    type: base64
    asName: tls.key
```

Will that work for you?
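For reference, here is the complete manifest that the processor snippet above implies, covering the TLS case the issue opens with. This is an added example, not code from the issue, the comment or the operator project's own docs. The names `dopplersecret-tls`, `tls-secret`, `TLS_CRT` and `TLS_KEY` are assumptions, and the `managedSecret.type` field and the behaviour of `type: base64` (decode the Doppler value before storing it) are as I understand the operator's README, so verify both against the CRD version you have installed.

```yaml
apiVersion: secrets.doppler.com/v1alpha1
kind: DopplerSecret
metadata:
  name: dopplersecret-tls               # assumed name for this example
  namespace: doppler-operator-system
spec:
  tokenSecret:
    name: doppler-token-secret          # Secret holding the Doppler service token
  managedSecret:
    name: tls-secret                    # assumed name of the Secret the operator will create
    namespace: default                  # the private key ends up here; scope RBAC on this Secret accordingly
    type: kubernetes.io/tls             # assumed field; this Secret type requires the keys tls.crt and tls.key
  processors:
    # Keys are the Doppler secret names (uppercase, as they appear in Doppler); asName is the
    # exact Kubernetes Secret key to write, which no nameTransformer could produce from a name.
    # The values are stored base64-encoded in Doppler here, so type: base64 makes the operator
    # decode them first and the raw PEM bytes land in the Secret. Use type: plain if the PEM
    # text is stored as-is in Doppler.
    TLS_CRT:                            # assumed Doppler secret name
      type: base64
      asName: tls.crt
    TLS_KEY:                            # assumed Doppler secret name
      type: base64
      asName: tls.key
```

Once the operator has reconciled it, confirm that the keys came out exactly as intended rather than trusting the sync status alone, for example with `kubectl -n default get secret tls-secret -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -subject -enddate`; a wrong `asName` or a missing `type: base64` shows up there as a parse failure before an Ingress ever tries to load the certificate.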

miskr-instructure commented 5 months ago

Oh, that is handy, it should work for me. Thanks!