Open mixolapmati opened 10 months ago
Hi @mixolapmati - if you set spec.destination.create=false
the K8s Secret's lifecycle will no longer be tied to the VSO Secret* resource. That might be what you are after here?
Hi @mixolapmati - if you set
spec.destination.create=false
the K8s Secret's lifecycle will no longer be tied to the VSO Secret* resource. That might be what you are after here?
@benashz Hello. No. It does not. Secret must be changeable while vaultstaticsecret exists and I need retained secret after vaultstaticsecret was deleted.
Good to add retention option for destination secret
apiVersion: secrets.hashicorp.com/v1beta1 kind: VaultDynamicSecret metadata: name: vso-db-demo-create namespace: demo-ns spec: mount: demo-db path: creds/dev-postgres destination: create: true retain: true name: vso-db-demo-created
So, After deletion VaultStaticSecret or VaultDynamicSecret etc destination secrets should not be deleted to stay retained in system.