hashicorp / vault-secrets-operator

The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
https://hashicorp.com

Add retention option for destination secrets #459

Open mixolapmati opened 10 months ago

mixolapmati commented 10 months ago

It would be good to add a retention option for the destination secret:

```yaml
apiVersion: secrets.hashicorp.com/v1beta1
kind: VaultDynamicSecret
metadata:
  name: vso-db-demo-create
  namespace: demo-ns
spec:
  mount: demo-db
  path: creds/dev-postgres
  destination:
    create: true
    retain: true
    name: vso-db-demo-created
```

So, after deletion of a VaultStaticSecret, VaultDynamicSecret, etc., the destination secrets should not be deleted, so that they stay retained in the system.

benashz commented 9 months ago

Hi @mixolapmati - if you set spec.destination.create=false the K8s Secret's lifecycle will no longer be tied to the VSO Secret* resource. That might be what you are after here?

mixolapmati commented 9 months ago

> Hi @mixolapmati - if you set spec.destination.create=false the K8s Secret's lifecycle will no longer be tied to the VSO Secret* resource. That might be what you are after here?

@benashz Hello. No. It does not. The Secret must be changeable while the VaultStaticSecret exists, and I need the Secret retained after the VaultStaticSecret is deleted.