Closed devth closed 3 years ago
Odd, this section should be the only logic to encode before submitting to the Kubernetes API, but anecdotally I have seen this issue when working on adding GCP SecretManager support, although it appeared that the fix there was that the Google SDK was returning the contents base64'd.
An end-to-end testing suite was recently added to this project, but it currently only covers AWS SecretManager. We can re-check that the AWS secret manager testing is verifying the content is not double base64 encoded, and add testing for vault (https://github.com/itscontained/secret-manager/issues/20).
Added log at https://github.com/itscontained/secret-manager/blob/999e7d0a89f8fbcb5d2e3df11a3b75632f8024e0/pkg/internal/vault/vault.go#L150
Verified secret is not base64 encoded via logs:
Then looked at the K8S Secret that secret-manager created:
Then I went into controller.go and poked around. Removing base64 encoding like
secretDataMap[secretKey] = secretData
here fixed my problem: https://github.com/itscontained/secret-manager/blob/8ea959e349444cf020f546e0da4313f193948a03/pkg/controller/externalsecret/controller.go#L179-L180
I also added logging to verify that the data wasn't already base64 encoded with:
which prints:
Running off my own docker image based on commit 999e7d0.
Ideas? 🤔
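Background for the double encoding discussed in this thread, as an added example (not code from secret-manager or from any commenter): Go's `encoding/json` writes `[]byte` values as base64 strings, and the Kubernetes Secret data field is a `map[string][]byte`, so a value that is base64-encoded before being stored there reaches the API encoded twice. `secretLike`, `wireValue` and `encodingLayers` are hypothetical names, and the sample value is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// secretLike is a hypothetical stand-in with the same shape as a Kubernetes
// Secret's data field, so the example needs no Kubernetes packages.
type secretLike struct {
	Data map[string][]byte `json:"data"`
}

// wireValue marshals the struct as a client would before sending it and
// returns the string that ends up under data[key] in the JSON body.
func wireValue(key string, value []byte) (string, error) {
	raw, err := json.Marshal(secretLike{Data: map[string][]byte{key: value}})
	if err != nil {
		return "", err
	}
	var onWire struct{ Data map[string]string }
	err = json.Unmarshal(raw, &onWire)
	return onWire.Data[key], err
}

// encodingLayers counts the base64 decodes needed to get from a wire value
// back to the expected plaintext; -1 means it was not reached in 3 decodes.
func encodingLayers(wire, plaintext string) int {
	cur := wire
	for n := 1; n <= 3; n++ {
		dec, err := base64.StdEncoding.DecodeString(cur)
		if err != nil {
			return -1
		}
		if cur = string(dec); cur == plaintext {
			return n
		}
	}
	return -1
}

func main() {
	plain := "s3cr3t-value" // constructed sample value
	once, _ := wireValue("password", []byte(plain))
	pre := base64.StdEncoding.EncodeToString([]byte(plain)) // manual pre-encoding
	twice, _ := wireValue("password", []byte(pre))
	fmt.Println(once, encodingLayers(once, plain))   // raw bytes stored: one layer
	fmt.Println(twice, encodingLayers(twice, plain)) // pre-encoded bytes: two layers
}
```

An end-to-end test can apply the same layer count to the data values read back from the created Secret and fail when the result is anything other than 1.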