vault-secrets-operator icon indicating copy to clipboard operation
vault-secrets-operator copied to clipboard
verified publisher icon hashicorp

Add retention option for destination secrets

Open mixolapmati opened this issue 2 years ago • 2 comments

Good to add retention option for destination secret

apiVersion: secrets.hashicorp.com/v1beta1 kind: VaultDynamicSecret metadata: name: vso-db-demo-create namespace: demo-ns spec: mount: demo-db path: creds/dev-postgres destination: create: true retain: true name: vso-db-demo-created

So, After deletion VaultStaticSecret or VaultDynamicSecret etc destination secrets should not be deleted to stay retained in system.

mixolapmati avatar Nov 15 '23 08:11 mixolapmati

Hi @mixolapmati - if you set spec.destination.create=false the K8s Secret's lifecycle will no longer be tied to the VSO Secret* resource. That might be what you are after here?

benashz avatar Dec 05 '23 12:12 benashz

Hi @mixolapmati - if you set spec.destination.create=false the K8s Secret's lifecycle will no longer be tied to the VSO Secret* resource. That might be what you are after here?

@benashz Hello. No. It does not. Secret must be changeable while vaultstaticsecret exists and I need retained secret after vaultstaticsecret was deleted.

mixolapmati avatar Dec 05 '23 14:12 mixolapmati