bitnami-labs / sealed-secrets

A Kubernetes controller and tool for one-way encrypted Secrets
https://sealed-secrets.netlify.app/
Apache License 2.0

Unable to re-encrypt sealed-secrets #1556

Open ChinthapalliNikhithaChandana opened 1 week ago

ChinthapalliNikhithaChandana commented 1 week ago

Which component: Kubeseal --re-encrypt

Describe the bug

I'm using my own TLS certificate to encrypt and decrypt the secrets in the sealed-secrets controller. Now I want to change my TLS certificate and re-encrypt the sealed secrets using the new TLS certificate.

To Reproduce

Steps to reproduce the behavior:

  1. Created new TLS certificate using openssl
  2. Deleted old tls-secret from sealed-secrets controller
  3. Created new tls-secret using new TLS certs
  4. Restarted the sealed-secrets controller and verified that controller picks the tls certificate
  5. Run the command: cat traefik-sealed-secret.yaml | kubeseal --re-encrypt --controller-name=sealed-secrets --controller-namespace=sealed-secrets -o yaml > tmp.yaml

Expected behavior

Re-encrypted secret

Version of Kubernetes:

(error: cannot re-encrypt secret: an error on the server ("") has prevented the request from succeeding (post services http:sealed-secrets:http))

Additional context

Add any other context about the problem here.

agarcia-oss commented 1 week ago

Hi @ChinthapalliNikhithaChandana

The re-encryption issue seems to be related to the second step: "Delete old tls secret from controller". Re-encryption needs to be able to decrypt the original sealed secret to generate a new sealed secret.

Please check the controller logs to confirm that.
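The rotation order that keeps the reply's requirement satisfied (the controller must still hold the old private key while `kubeseal --re-encrypt` runs), written up as an added example; this is not the project's own tooling nor code from either participant. It assumes the namespace and controller name `sealed-secrets` from the issue, constructed secret names `sealed-secrets-key-old` / `sealed-secrets-key-new`, a `./newkey` directory for the generated files, and the `sealedsecrets.bitnami.com/sealed-secrets-key=active` label that the controller uses to select its key pairs. By default it only prints the commands (`DRY_RUN=1`); set `DRY_RUN=0` to execute them against a cluster.

```shell
#!/bin/sh
# Added example (not part of the sealed-secrets project or this issue): a key
# rotation sequence for a self-supplied TLS key pair that keeps the OLD key
# loaded until every SealedSecret has been re-encrypted, so that
# `kubeseal --re-encrypt` can still decrypt the existing payloads.
# Assumed names: namespace/controller "sealed-secrets" (from the issue),
# old key secret "sealed-secrets-key-old", new key secret "sealed-secrets-key-new",
# and a ./newkey directory for the generated files.
# DRY_RUN=1 (default) prints each command instead of running it.
set -eu

NS="${NS:-sealed-secrets}"
CTRL="${CTRL:-sealed-secrets}"
OLD_KEY_SECRET="${OLD_KEY_SECRET:-sealed-secrets-key-old}"   # assumed name
NEW_KEY_SECRET="${NEW_KEY_SECRET:-sealed-secrets-key-new}"   # assumed name
KEY_LABEL="sealedsecrets.bitnami.com/sealed-secrets-key"     # label the controller selects keys by
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. Generate the new key pair (self-signed; the subject is a constructed value).
gen_new_keypair() {
  run mkdir -p newkey
  run openssl req -x509 -nodes -newkey rsa:4096 -days 365 \
    -subj "/CN=sealed-secret/O=sealed-secret" \
    -keyout newkey/tls.key -out newkey/tls.crt
}

# 2. ADD the new key next to the old one; the old secret is left in place.
#    The "active" label makes the controller load it on restart.
add_new_key() {
  run kubectl -n "$NS" create secret tls "$NEW_KEY_SECRET" \
    --cert=newkey/tls.crt --key=newkey/tls.key
  run kubectl -n "$NS" label secret "$NEW_KEY_SECRET" "$KEY_LABEL=active"
}

# 3. Restart so the controller holds both keys: the newest is used for
#    sealing, the older one remains available for decryption.
restart_controller() {
  run kubectl -n "$NS" rollout restart deployment "$CTRL"
  run kubectl -n "$NS" rollout status deployment "$CTRL"
  run kubectl -n "$NS" get secret -l "$KEY_LABEL=active"   # expect both keys listed
}

# 4. Re-encrypt one SealedSecret manifest: decrypted with the old key,
#    sealed again with the new one (same kubeseal invocation as the issue).
reencrypt_file() {
  in="$1"; out="$2"
  if [ "$DRY_RUN" = "1" ]; then
    printf 'kubeseal --re-encrypt --controller-name=%s --controller-namespace=%s -o yaml < %s > %s\n' \
      "$CTRL" "$NS" "$in" "$out"
  else
    kubeseal --re-encrypt --controller-name="$CTRL" --controller-namespace="$NS" -o yaml < "$in" > "$out"
  fi
}

# 5. Only after every re-encrypted manifest has been applied: stop the
#    controller from loading the old key by dropping its "active" label
#    (the old key is never deleted before re-encryption has finished).
retire_old_key() {
  run kubectl -n "$NS" label secret "$OLD_KEY_SECRET" "$KEY_LABEL-"
}

# Whole rotation, in the order that keeps decryption possible throughout.
# Arguments: SealedSecret manifests to re-encrypt (default: the file from the issue).
rotation_plan() {
  gen_new_keypair
  add_new_key
  restart_controller
  if [ $# -eq 0 ]; then set -- traefik-sealed-secret.yaml; fi
  for f in "$@"; do
    reencrypt_file "$f" "reencrypted-$f"
  done
  retire_old_key
}

rotation_plan "$@"
```

The point of the ordering is step 5: the old key leaves the controller only after every SealedSecret has been re-sealed and applied, which is exactly what deleting the old tls-secret in step 2 of the report prevents. The `post services http:sealed-secrets:http` fragment in the reported error shows that kubeseal reached the controller through the API server's service proxy, so the controller's own logs, as the reply suggests, are where the decryption failure is recorded.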