onepassword-operator

Add custom annotations to Secrets

Open luca-valentini opened this issue 3 years ago • 4 comments

Summary

Provide a way to add custom annotations to Secrets.

Use cases

I need to create a webhook to execute certain actions when a Secret is modified. I need some additional information to decide what to do. Annotations would be the best way to pass that information.

Proposed solution

The implementation has been added and removed in the last months. It should be basically reverting this PR: https://github.com/1Password/onepassword-operator/pull/104 or reimplementing it only copying specific annotations, prefixed in a certain way or something similar.

Is there a workaround to accomplish this today?

Not that I'm aware of. The only way to pass additional information is to use the Secret name, but the character limit doesn't allow me to achieve what I want.

luca-valentini, May 20 '22 12:05

Actually, because of that, we cannot use 1Password in our integration, as some of the components are expecting particular annotations. If you don't want to copy generated annotations as mentioned in #104, then please do something like:

apiVersion: onepassword.com/v1
kind: OnePasswordItem
metadata:
  name: some-secret
  namespace: exampe
spec:
  template:
    metadata:
      annotations:
        example-annotation: that-will-be-propagated-to-secret
  itemPath: vaults/exampe/items/some-secret
type: kubernetes.io/dockerconfigjson

Similarly, labels can be moved, but please do that with a deprecation period.

hudymi, Aug 11 '22 08:08

Also, please take a look at how https://github.com/bitnami-labs/sealed-secrets is handling it.

hudymi, Sep 26 '22 17:09

Hi guys,

Is there a way now to add annotations to secrets? Or is there a roadmap for when it should be added?

Regards!

mbathe19, May 11 '23 12:05

Hey folks! 👋

Thank you for raising this and for your patience!

I can see this being a useful thing to have based on the use cases presented in this issue, as well as the ones presented in #144.

I will raise this with the team to further investigate how we want to bring this functionality back while avoiding the concerns that were addressed with #104.

edif2008, Nov 30 '23 12:11