Way to rebuild the secret when the credentials in the provider change?

[matteoolivi]

Hello, is there a way/recommendation to have the plugin re-generate or update the secret when the referenced credentials in the provider change?

I see that such a functionality might be out of scope for this tool, and is rather something which should be handled by the automation that uses it. But just wondering if you have any thoughts on this.

[bbl]

Hey! Thanks, that's a great question.

Maybe it makes sense to provide a detailed guide on usage patterns in combination with other tools.

E.g. We were using the plugin with ArgoCD. It regenerates the configuration every N minutes and shows the diff.

[matteoolivi]

Maybe it makes sense to provide a detailed guide on usage patterns in combination with other tools.

That'd be great.

E.g. We were using the plugin with ArgoCD. It regenerates the configuration every N minutes and shows the diff.

So what you do is configure ArgoCD to resync everything every X minutes, and in doing so it also re-generates the credentials by reading the secrets from the provider (via the kustomize plugin) - and applies the new manifests in the cluster.
I assume you're not even using the ArgoCD plugin for the provider (e.g. vault) as it's superfluous, it's all taken care of by secretize. Is that right?