Description
Which component:
controller
Describe the bug
After restoring from backup there are 2 secrets instead of 1, and it gets re-created after removing it
To Reproduce
- Get a secret backup:
kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml >main.key
- Provision a new cluster and restore secret:
kubectl apply -f main.key
kubectl delete pod -n kube-system -l app.kubernetes.io/name=sealed-secrets
- Remove old secret created before restoring backup
- Restart pod
- See another secret getting created
jenneron@pc:~$ k get secret -n kube-system | grep sealed
sealed-secrets-keyqzkq8 kubernetes.io/tls 2 3d18h
sealed-secrets-keywhg68 kubernetes.io/tls 2 39d
sh.helm.release.v1.sealed-secrets.v1 helm.sh/release.v1 1 39d
You can delete it, but it gets re-created after restarting pod
Expected behavior
Possibility to properly back up and restore the key used for encrypting secrets without introducing more keys, as it makes further backups more complicated
Version of Kubernetes:
- Output of kubectl version:
Client Version: v1.29.7
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.6+k3s2
Additional context
The main problem with this is that each backup/restore cycle requires +1 key to back up, and it is not possible to use an older backup after restoring a second time