Error when declaratively adding a new AKS cluster (using MSI)

Checklist:

[x] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
[x] I've included steps to reproduce the bug.
[x] I've pasted the output of argocd version.

Describe the bug

I'm trying to add a new AKS cluster declaratively using kubelogin, but I'm getting the following error:

level=error msg="could not unmarshal cluster secret aks-workload-dev-secret-manual"

This is how my cluster Secret looks like:

---
apiVersion: v1
kind: Secret
metadata:
  labels:
    argocd.argoproj.io/secret-type: cluster
  name: aks-workload-dev-secret-manual
  namespace: argocd
stringData:
  config: |
    {
      "execProviderConfig": {
        "command": "argocd-k8s-auth",
        "env": {
          "AZURE_CLIENT_ID": REDACTED,
          "AAD_LOGIN_METHOD": "msi"
        },
        "args": ["azure"],
        "apiVersion": "client.authentication.k8s.io/v1beta1"
      },
      "tlsClientConfig": {
        "insecure": true,
        "caData": REDACTED
      }
    }
  name: aks-workload-dev
  server: REDACTED
type: Opaque

I have already added the required configs to the deployment templates (for both the server and app controller) to use kubelogin:

Screenshot 2024-01-05 at 15 55 04

Screenshot 2024-01-05 at 16 00 40

The error could be caused by a formatting issue (maybe with my JSON in the Secret manifest), or I might have misconfigured something. I'd appreciate if someone could help, please.

To Reproduce

Run the secret above with own values (replaced by REDACTED).

Expected behavior

The cluster is added in Argo CD

Version

v2.9.3+6eba5be

Logs

level=error msg="could not unmarshal cluster secret aks-workload-dev-secret"

argoproj / argo-cd

Error when declaratively adding a new AKS cluster (using MSI) #16759