isindir / sops-secrets-operator

Kubernetes SOPS secrets operator
Mozilla Public License 2.0
323 stars, 30 forks

Allow to override existing secrets (feature from sealed-secrets-controller) #77

Closed signaleleven closed 3 years ago

signaleleven commented 3 years ago

Bitnami's sealed-secrets-controller allows annotating existing secrets (that are generated by some other means) with an annotation that allows the controller to update them, overriding them: "sealedsecrets.bitnami.com/managed": "true"

AFAICT, the only way to achieve this with sops-secrets-operator is to configure the ownership of the secret to the sopsecret in charge of managing it, but it's not as easy as a fixed label.

I'm able to work around this (my situation is not ideal to begin with), but perhaps it's a use case that can be useful to others.

Feel free to close this issue if you think it's not something worth having.

isindir commented 3 years ago

It is an interesting request, which may potentially allow moving from one apiVersion to another as well as migrating secrets to/from sops-secrets-operator. I need time to think about it and perhaps read how that is implemented in sealed secrets.

isindir commented 3 years ago

@signaleleven moving from one apiVersion to another I have tried and documented in SopsSecret API and Operator Upgrade (there is still space to improve). But I think it is an interesting feature and should not be too difficult to implement following what has already been done with Sealed Secrets - see below.

Putting their code here as a reference for myself:

isindir commented 3 years ago

This feature is implemented in chart version 0.9.1 and operator 0.3.1. The annotation in a target secret must be:

...
metadata:
  annotations:
    "sopssecret/managed": "true"
...

Closing ticket.
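A small policy check written for this thread (added example, not the operator's own code): given a Secret as returned by `kubectl get secret -o json` and the name of the SopsSecret that wants to manage it, it decides whether the operator may overwrite the Secret using the two mechanisms discussed above, an ownerReference to the SopsSecret or the `"sopssecret/managed": "true"` annotation. Refusing when a different SopsSecret already owns the Secret, and requiring the annotation value to be exactly `"true"`, are assumptions of this example, not documented operator behaviour.

```python
"""Decide whether a SopsSecret may take over an existing Secret.

Two opt-in paths from the thread: (1) the Secret carries an ownerReference
to the managing SopsSecret, (2) the Secret carries the annotation
"sopssecret/managed": "true" (operator 0.3.1, chart 0.9.1).
Anything else is left alone so an unrelated Secret is never clobbered.
"""
from dataclasses import dataclass

MANAGED_ANNOTATION = "sopssecret/managed"  # annotation key from the thread
OWNER_KIND = "SopsSecret"                   # kind of the operator's CRD


@dataclass
class Decision:
    allowed: bool
    reason: str


def may_overwrite(existing: dict, sops_secret_name: str) -> Decision:
    """Return whether `sops_secret_name` may overwrite `existing` (a Secret dict)."""
    meta = existing.get("metadata") or {}
    # Path 1: ownership. A Secret owned by *another* SopsSecret is refused
    # even if annotated (assumption: never fight over one target).
    for ref in meta.get("ownerReferences") or []:
        if ref.get("kind") == OWNER_KIND:
            if ref.get("name") == sops_secret_name:
                return Decision(True, "owned by this SopsSecret")
            return Decision(False, f"owned by another SopsSecret: {ref.get('name')!r}")
    # Path 2: explicit opt-in annotation; value must be exactly the string "true".
    value = (meta.get("annotations") or {}).get(MANAGED_ANNOTATION)
    if value is None:
        return Decision(False, "no ownerReference and no opt-in annotation")
    if value != "true":
        return Decision(False, f"annotation present but not 'true': {value!r}")
    return Decision(True, "opted in via annotation")


def demo() -> list:
    """Constructed sample Secrets covering each branch of the policy."""
    secrets = [
        {"metadata": {"name": "plain"}},
        {"metadata": {"name": "optin", "annotations": {MANAGED_ANNOTATION: "true"}}},
        {"metadata": {"name": "optout", "annotations": {MANAGED_ANNOTATION: "false"}}},
        {"metadata": {"name": "mine", "ownerReferences": [{"kind": OWNER_KIND, "name": "db-creds"}]}},
        {"metadata": {"name": "theirs", "ownerReferences": [{"kind": OWNER_KIND, "name": "other"}]}},
    ]
    return [may_overwrite(s, "db-creds") for s in secrets]


if __name__ == "__main__":
    for d in demo():
        print(d)
```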