Can't access TLS certificates in GCP secrets

[rozdestvenskiy]

I'm using GCP secret manager to store TLS certificates and keys for my project. And I want to use external-secrets to easy share them to pods. But when I try to get access from my Ingress pods, I've got this error: Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in certificate input I checked this secret in kubectl and it cant get access to secret data, as I think:

Name:         my-cert
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====

But If i use another data in secret (not pem certificate) all is fine:

Name:        creds
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:  16 bytes
username:  8 bytes

Here is the manifest for external secret:

apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: my-cert # name of the k8s external secret and the k8s secret
spec:
  backendType: gcpSecretsManager
  projectId: my-project-id
  data:
    - key: secret
      property: tls.crt
      name: tls.crt
    - key: secret
      property: tls.key
      name: tls.key

Here is how my secret in GCP looks like:

{
    "tls.crt":"here-is-my-cert",
    "tls.key":"here-is-my-private-key"
}

Can somebody help me? Maybe it is kind of bug?

[rozdestvenskiy]

Looks like I fixed it by myself. Now I store key and cert in two different GCP secrets and here is manifest for external secret: apiVersion: kubernetes-client.io/v1 kind: ExternalSecret metadata: name: my-cert # name of the k8s external secret and the k8s secret spec: backendType: gcpSecretsManager projectId: my-project-id data:

• key: ssl-cert name: tls.crt
• key: ssl-key name: tls.key