Add decoding Strategies to PushSecret

[pkr4711]

Problem

When I use a PushSecret, the existing K8 secret is always base64 decoded and written to the vault in plain text.
I have some binary secrets that I need to store in base64-encoded in vault.

Possible solution

add decodingStrategy like in ExternalSecret to a PushSecret

---
apiVersion: external-secrets.io/v1alpha1
kind: PushSecret
metadata:
  name: pushsecret-example-binary
  namespace: example
spec:
  refreshInterval: 10s
  secretStoreRefs:
    - name: vault
      kind: SecretStore
  selector:
    secret:
      name: example-binary-cert
  data:
    - match:
        secretKey: ca.password
        decodingStrategy: Base64        # decode the k8 secret and store the result as plain text in vault
        remoteRef:
          remoteKey: example/cert
          property: ca.password
    - match:
        secretKey: ca.p12
        decodingStrategy: None          # don't decode the k8 secret and store the result base64 encoded in vault
        remoteRef:
          remoteKey: example/cert
          property: ca.p12
    - match:
        secretKey:  ca.crt
        decodingStrategy: Base64        # decode the k8 secret and store the result as plain text in vault
        remoteRef:
          remoteKey: example/cert
          property: ca.crt

[Skarlso]

Once #2926 lands, you'll have the ability to do templating for push secret. As I understand it, templating provides b64dec. So you should be able to use that I think 🤔