You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been trying to integrate SOPS to Kustomize Controller. The secret provider of our choice is Hashicorp Vault.
I have been following the documentation specified here: https://fluxcd.io/flux/guides/mozilla-sops/
Kustomization is already created, I've specified decryption provider as sops and referenced a secret for credentials. Following documentation, the secret is specified in the following format:
However, it seems that the kustomize controller does not accept the token, and I see the following error output:
Secret/sops-secrets-test/test-sops dry-run failed: failed to convert new object (sops-secrets-test/test-sops; /v1, Kind=Secret) to proper version: unable to convert unstructured object to /v1, Kind=Secret: error decoding from json: illegal base64 data at input byte 4
It seems that the issue might be that the controller accepts only alphanumeric characters. Our Vault token though has a format of hvs.<TOKEN>.
I've tried using stringData with unencoded token, but I have the same issue. If I use stringData with base64 encrypted token however, the kustomize controller does not have problems with it, however, the token does not work (as it accepts token as a plain string and does not decode it afterwards).
Just wanted to confirm, is this behavior expected? And do you have any suggestions on how I can work around this issue?
Thanks in advance!
The text was updated successfully, but these errors were encountered:
Hi!
Kustomize Controller version: v1.2.2
I've been trying to integrate SOPS to Kustomize Controller. The secret provider of our choice is Hashicorp Vault.
I have been following the documentation specified here: https://fluxcd.io/flux/guides/mozilla-sops/
Kustomization is already created, I've specified decryption provider as sops and referenced a secret for credentials. Following documentation, the secret is specified in the following format:
I've also tried creating a secret using this code snippet (also from the docs)
However, it seems that the kustomize controller does not accept the token, and I see the following error output:
Secret/sops-secrets-test/test-sops dry-run failed: failed to convert new object (sops-secrets-test/test-sops; /v1, Kind=Secret) to proper version: unable to convert unstructured object to /v1, Kind=Secret: error decoding from json: illegal base64 data at input byte 4It seems that the issue might be that the controller accepts only alphanumeric characters. Our Vault token though has a format of hvs.<TOKEN>.
I've tried using stringData with unencoded token, but I have the same issue. If I use stringData with base64 encrypted token however, the kustomize controller does not have problems with it, however, the token does not work (as it accepts token as a plain string and does not decode it afterwards).
Just wanted to confirm, is this behavior expected? And do you have any suggestions on how I can work around this issue?
Thanks in advance!
The text was updated successfully, but these errors were encountered: