Skip to content

Track Secret data changes through a hash annotation#751

Merged
leochr merged 4 commits intomainfrom
resource-hash
Mar 2, 2026
Merged

Track Secret data changes through a hash annotation#751
leochr merged 4 commits intomainfrom
resource-hash

Conversation

@kabicin
Copy link
Copy Markdown
Collaborator

@kabicin kabicin commented Feb 19, 2026
edited by leochr
Loading

What this PR does / why we need it?:

  • Removes Secret resource version based tracking and uses hashes to track Secret changes through an annotation on the PodTemplateSpec.

Does this PR introduce a user-facing change?

  • User guide
  • CHANGELOG.md

OpenLiberty/open-liberty-operator#828

@leochr
Copy link
Copy Markdown
Member

leochr commented Mar 2, 2026

Kirby and I discussed the following and concluded no concerns:

  • The library that's being used to generate the hash doesn't provide a way to get the content from hash. As far as we are aware, there is no way to get content from hash. The hash differs significantly when the content changes slightly, which is good and avoid reverse-engineering content from hash.
  • The length of the hash doesn't grow with the content size, so no concern with running out of bounds for annotation.

leochr
leochr approved these changes Mar 2, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@leochr leochr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kabicin Looks good. Thank you.

@leochr leochr merged commit 1333e55 into main Mar 2, 2026
@leochr leochr deleted the resource-hash branch March 2, 2026 19:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leochr leochr leochr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kabicin @leochr