You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If I create a new version of this secret in Vault, VSO correctly updates to the new version and restarts the grafana deployment. Great!
But when I delete the new version of the secret in Vault, VSO does not revert to the previous version. Instead, it wipes the existing data from the Kubernetes Secret and restarts the Grafana deployment, making it fail because of the now missing data.
The updated Secret after deleting the version in Vault contains only this data:
Describe the bug
I use a VaultStaticSecret to retrieve the latest version of a secret stored in Vault by omitting the
version
attrbute:If I create a new version of this secret in Vault, VSO correctly updates to the new version and restarts the
grafana
deployment. Great!But when I delete the new version of the secret in Vault, VSO does not revert to the previous version. Instead, it wipes the existing data from the Kubernetes
Secret
and restarts the Grafana deployment, making it fail because of the now missing data.The updated
Secret
after deleting the version in Vault contains only this data:Expected behavior
I would expect VSO to revert to the latest non-deleted version of the vault secret.
Environment
Additional context
It is debatable if this is even a bug. This seems to be the default behavior of the Vault API when omitting the
version
parameter. See https://discuss.hashicorp.com/t/kv-v2-destroyed-secret-version-still-marked-as-current/9780But I still think VSO should handle this better.
The text was updated successfully, but these errors were encountered: