You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I use a PushSecret, the existing K8 secret is always base64 decoded and written to the vault in plain text.
I have some binary secrets that I need to store in base64-encoded in vault.
Possible solution
add decodingStrategy like in ExternalSecret to a PushSecret
---
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
name: pushsecret-example-binary
namespace: example
spec:
refreshInterval: 10s
secretStoreRefs:
- name: vault
kind: SecretStore
selector:
secret:
name: example-binary-cert
data:
- match:
secretKey: ca.password
decodingStrategy: Base64 # decode the k8 secret and store the result as plain text in vault
remoteRef:
remoteKey: example/cert
property: ca.password
- match:
secretKey: ca.p12
decodingStrategy: None # don't decode the k8 secret and store the result base64 encoded in vault
remoteRef:
remoteKey: example/cert
property: ca.p12
- match:
secretKey: ca.crt
decodingStrategy: Base64 # decode the k8 secret and store the result as plain text in vault
remoteRef:
remoteKey: example/cert
property: ca.crt
The text was updated successfully, but these errors were encountered:
Once #2926 lands, you'll have the ability to do templating for push secret. As I understand it, templating provides b64dec. So you should be able to use that I think 🤔
Problem
When I use a PushSecret, the existing K8 secret is always base64 decoded and written to the vault in plain text.
I have some binary secrets that I need to store in base64-encoded in vault.
Possible solution
add decodingStrategy like in ExternalSecret to a PushSecret
The text was updated successfully, but these errors were encountered: