argocd-vault-plugin

AWSCURRENT should be default version when using AWS Secrets Manager

Open andrewhibbert opened this issue 2 years ago • 1 comment

Describe the bug

If you change a secret, it does not seem to go "Out of sync" and stays as AWSPREVIOUS unless you have #AWSCURRENT at the end of the secret. Ideally it should be AWSCURRENT by default.

To Reproduce

Steps to reproduce the behavior:

  • Create a secret in Secrets Manager
  • Refer to it in Argo CD (without #AWSCURRENT at the end)
  • Change it
  • It does not go "Out of sync"
  • Add #AWSCURRENT at the end of the secret path
  • It will go "Out of sync"

Expected behavior

Should default to AWSCURRENT and notice the secret change.

andrewhibbert, Nov 24 '23 12:11

When you change the secret, you have to do a hard refresh. It goes out of sync because you change the YAML, which triggers the out of sync.

We rely on AWS Secrets Manager to handle any defaults; we don't set them.

werne2j, Nov 25 '23 04:11