Secrets used as input resources are double base64 encoded when used in stringData #445
Description
What steps did you take:
- Author a new SecretTemplate that uses stringData to build a multiline secret
- Specify inputResources that are of kind Secret
- Reference the inputResources in the stringData field
- Apply the SecretTemplate
Example:
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretTemplate
metadata:
name: my-templated-secret
spec:
inputResources:
- name: my-input-secret
ref:
apiVersion: v1
kind: Secret
name: a-password-secret
template:
stringData:
config: |
#This is an example
someKey = $(.my-input-secret.data.password)
What happened:
The values from the password secret were retrieved (base64 encoded) and added to the secret, the resulting string in the stringData field was then base64 encoded again. Meaning when my application decodes the templated secret, it doesn't contain the password, but rather the base64 contents of the original secrets. This makes the templated secret unusable.
What did you expect:
I expected the values to be base64 decoded so that my application could use them.
Anything else you would like to add:
Environment:
- secretgen-controller version: v0.14.8
- Kubernetes version: v1.24.15
Vote on this request
This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.
👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"
We are also happy to receive and review Pull Requests if you want to help working on this issue.
Metadata
Assignees
Labels
Type
Projects
Status
Prioritized Backlog