I believe within the code of the secretdefinition_controller reconcile function that the updates the the last sync status metric is in the wrong place.
When secrets-manager starts and secrets have already been reconciled the last sync success for these already existing secrets never gets set. They will only ever be set if you change the secret in the backend from that point forward.
All secretdefinitions are checked every few seconds to see if the secret need to be changed so even if it doesn't the metric should updated to say the last sync was successful.
I believe within the code of the secretdefinition_controller reconcile function that the updates the the last sync status metric is in the wrong place. When secrets-manager starts and secrets have already been reconciled the last sync success for these already existing secrets never gets set. They will only ever be set if you change the secret in the backend from that point forward. All secretdefinitions are checked every few seconds to see if the secret need to be changed so even if it doesn't the metric should updated to say the last sync was successful.