tuenti / secrets-manager

A daemon to sync Vault secrets to Kubernetes secrets
Apache License 2.0

Add labels to target Secrets created by secrets-manager operator #62

Closed slopezz closed 3 years ago

slopezz commented 4 years ago

We have been using secrets-manager operator for a while to sync our Secrets from Vault with no issues (gitops philosophy).

Now we are using prometheus-operator with an additional scraping config in a Secret object, and we wanted to use secrets-manager operator to manage it (like a normal Secret).

The problem we have right now is that we need to add a specific label to the final Secret that the prometheus-operator instance uses to scrape resources (in that case, scrape Secrets with additional scraper configs).

We have checked the docs/code of secrets-manager operator, and we haven't seen how to set labels for target Secrets created by secrets-manager (apart from lastUpdatedAt and managedBy labels).

We wonder if there is any way to:

Thanks in advance!

ryanewk commented 4 years ago

It would also be useful if annotations on the SecretDefinition could be propagated down to the generated secret. To satisfy this use case (for example): https://github.com/tektoncd/pipeline/blob/master/docs/auth.md#guiding-credential-selection

raelga commented 4 years ago

+1 to this issue.

We are using SecretDefinitions for ArgoCD cluster secrets. Those secrets are filtered by the argo server by using the argocd.argoproj.io/secret-type: cluster label.