ricoberger / vault-secrets-operator

Create Kubernetes secrets from Vault for a secure GitOps based workflow.
MIT License

How to force update the generated Secret when the value is changed in Vault? #239

Open MurzNN opened 11 months ago

MurzNN commented 11 months ago

I created a VaultSecret resource which successfully created the corresponding Secret with the correct value.

But when I update the value in the Vault, the created Secret still contains the previous value.

So, is there any way to force update a specific secret, to follow the changed value?

MurzNN commented 11 months ago

I see the vault.reconciliationTime value that can configure the timeout after which all secrets will be regenerated. But I don't want to "spam" my Vault every xx minutes to update all passwords. I just want to trigger updating only one specific password that was recently changed.

MurzNN commented 11 months ago

Maybe some webhook can be configured to trigger the synchronization of a Secret record, or the operator can subscribe to some events? Vault has an events system for this: https://developer.hashicorp.com/vault/docs/concepts/events