We're using the latest external secrets operator from external-secrets.io to get secrets from Vault and inject them into kubernetes. We had a situation where a Vault KV engine was upgraded from v1 to v2. This caused External Secrets to no longer be able to find the secrets in Vault, and as a result it replaced the values of all the k8s secrets with Null values (""). Needless to say, this isn't the type of behavior we necessarily want. Is there a way to prevent this from happening - ie. if ESO is having difficulty with Vault, can it be configured to avoid modifying existing k8s secrets?
Tags
Yes, I was working with an ESO developer this morning and it turns out this is a bug whose fix is being submitted here: https://github.com/external-secrets/external-secrets/pull/2455