When creating a secret the data for the secret will be leaked in the debug level logs. (log output is dummy data so no worries that it's in the issue) (i have made the secret bold so it's more easy to see)
when looking at the console/terminal where std out is written for the controller we can see that the base64 secret is in the logs. The example in the above step is used to get the logs that is in this issue.
What happened?
When creating a secret the data for the secret will be leaked in the debug level logs. (log output is dummy data so no worries that it's in the issue) (i have made the secret bold so it's more easy to see)
2024-05-21T15:28:05.996+0200 DEBUG provider-kubernetes Observing {"resource": {"kind":"Object","apiVersion":"kubernetes.crossplane.io/v1alpha2","metadata":{"name":"secretpatch","uid":"d4213d87-a666-4287-994f-f75199cf7135","resourceVersion":"1161","generation":3,"creationTimestamp":"2024-05-21T13:28:04Z","annotations":{"crossplane.io/external-create-pending":"2024-05-21T15:28:04+02:00","crossplane.io/external-create-succeeded":"2024-05-21T15:28:04+02:00","crossplane.io/external-name":"secretpatch","kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"kubernetes.crossplane.io/v1alpha2\",\"kind\":\"Object\",\"metadata\":{\"annotations\":{},\"name\":\"secretpatch\"},\"spec\":{\"forProvider\":{\"manifest\":{\"apiVersion\":\"v1\",\"data\":{},\"kind\":\"Secret\",\"metadata\":{\"namespace\":\"default\"}}},\"providerConfigRef\":{\"name\":\"kubernetes-provider\"},\"references\":[{\"patchesFrom\":{\"apiVersion\":\"v1\",\"fieldPath\":\"data.sensitive\",\"kind\":\"Secret\",\"name\":\"secretpatch\",\"namespace\":\"crossplane-system\"},\"toFieldPath\":\"data.key-from-secret\"}]}}\n"},"finalizers":["finalizer.managedresource.crossplane.io"],"managedFields":[{"manager":"kubectl-client-side-apply","operation":"Update","apiVersion":"kubernetes.crossplane.io/v1alpha2","time":"2024-05-21T13:28:04Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}}},"f:spec":{".":{},"f:deletionPolicy":{},"f:forProvider":{".":{},"f:manifest":{".":{},"f:apiVersion":{},"f:data":{},"f:kind":{},"f:metadata":{".":{},"f:namespace":{}}}},"f:managementPolicies":{},"f:providerConfigRef":{".":{},"f:name":{}},"f:references":{},"f:watch":{}}}},{"manager":"main","operation":"Update","apiVersion":"kubernetes.crossplane.io/v1alpha2","time":"2024-05-21T13:28:04Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{"f:crossplane.io/external-create-pending":{},"f:crossplane.io/external-create-succeeded":{},"f:crossplane.io/external-name":{}},"f:finalizers":{".":{},"v:\"finalizer.managedresource.crossplane.io\"":{}}},"f:spec":{"f:forProvider":{"f:manifest":{"f:data":{"f:key-from-secret":{}}}},"f:readiness":{".":{},"f:policy":{}}}}},{"manager":"main","operation":"Update","apiVersion":"kubernetes.crossplane.io/v1alpha2","time":"2024-05-21T13:28:05Z","fieldsType":"FieldsV1","fieldsV1":{"f:status":{".":{},"f:atProvider":{".":{},"f:manifest":{".":{},"f:apiVersion":{},"f:data":{".":{},"f:redacted":{}},"f:kind":{},"f:metadata":{".":{},"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}},"f:creationTimestamp":{},"f:managedFields":{},"f:name":{},"f:namespace":{},"f:resourceVersion":{},"f:uid":{}},"f:type":{}}},"f:conditions":{".":{},"k:{\"type\":\"Ready\"}":{".":{},"f:lastTransitionTime":{},"f:reason":{},"f:status":{},"f:type":{}},"k:{\"type\":\"Synced\"}":{".":{},"f:lastTransitionTime":{},"f:reason":{},"f:status":{},"f:type":{}}}}},"subresource":"status"}]},"spec":{"providerConfigRef":{"name":"kubernetes-provider"},"managementPolicies":["*"],"deletionPolicy":"Delete","forProvider":{"manifest":{"apiVersion":"v1","data":{"key-from-secret":"cGFzc3dvcmQ="},"kind":"Secret","metadata":{"namespace":"default"}}},"references":[{"patchesFrom":{"apiVersion":"v1","kind":"Secret","name":"secretpatch","namespace":"crossplane-system","fieldPath":"data.sensitive"},"toFieldPath":"data.key-from-secret"}],"readiness":{"policy":"SuccessfulCreate"}},"status":{"conditions":[{"type":"Ready","status":"True","lastTransitionTime":"2024-05-21T13:28:05Z","reason":"Available"},{"type":"Synced","status":"True","lastTransitionTime":"2024-05-21T13:28:04Z","reason":"ReconcileSuccess"}],"atProvider":{"manifest":{"apiVersion":"v1","data":{"redacted":null},"kind":"Secret","metadata":{"annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"v1\",\"data\":{\"key-from-secret\":\"cGFzc3dvcmQ=\"},\"kind\":\"Secret\",\"metadata\":{\"namespace\":\"default\"}}"},"creationTimestamp":"2024-05-21T13:28:04Z","managedFields":[{"apiVersion":"v1","fieldsType":"FieldsV1","fieldsV1":{"f:data":{".":{},"f:key-from-secret":{}},"f:metadata":{"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}}},"f:type":{}},"manager":"main","operation":"Update","time":"2024-05-21T13:28:04Z"}],"name":"secretpatch","namespace":"default","resourceVersion":"1157","uid":"fbc2356a-4b4b-4baf-a3e4-8dec5ffa0cf3"},"type":"Opaque"}}}}}
How can we reproduce it?