"secret not found" reported by ExternalSecret


I have been struggling with this issue for the past 2 days and I'm stuck. I'm using External Secrets Operator to obtain secrets from Vault: https://external-secrets.io/

It seems ExternalSecret is not creating the secret. This is my yaml file:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: ape-external-secrets
  namespace: ape-test
spec:
  data:
  - remoteRef:
      key: secret-ape
      property: secret-ape-username
    secretKey: secret-ape-username
  - remoteRef:
      key: secret-ape
      property: secret-ape-password
    secretKey: secret-ape-password
  refreshInterval: 1h
  secretStoreRef:
    kind: SecretStore
    name: ape-vault-eso
  target:
    creationPolicy: Owner
    name: secret-ape

The error given by ExternalSecret K8s object is: secret not found

I looked and indeed there is no secret-ape secret created.

For Secret Store, I'm using the K8s authentication method to obtain credentials from Vault:

apiVersion: external-secrets.io/v1beta1
kind: SecretStore
metadata:
  name: ape-vault-eso
  namespace: ape-test
spec:
  provider:
    vault:
      auth:
        kubernetes:
          mountPath: k8s-dv1
          role: ape-app-kv-ro
          serviceAccountRef:
            name: ape-svc-dv
      path: kv/secret-ape
      server: 'https://dv-vault.xyz.local'
      version: v2

No error is given by the SecretStore, so it looks like it is validated properly. The message is: store validated

I'm deploying both of these via ArgoCD. Any insights into what I may be doing wrong? From the documentation here, it says ExternalSecrets object should create the secret.
