external-secrets/kubernetes-external-secrets

IBM-Cloud-Secret-Manager Arbitrary secret creating with wrong indentation

chokhareganesh opened this issue · 5 comments

Hi Team,
I have followed https://github.com/ibm-cloud-docs/secrets-manager/blob/9d95ea9a8a94dbab7ce40fc56775fa277ccbe3c3/tutorials/kubernetes-secrets.md
for integrating secret with Kubernetes cluster,

I have created a secret of type Arbitrary, but when I access this secret inside the K8S cluster it's not preserving the secret indentation/format.

1. I have created an Arbitrary secret inside secret-manager (YAML object):

```yaml
route:
  receiver: "watchdog"
  group_by: [ 'alertname', 'cluster', 'service' ]
  routes:
    - match:
        alertname: Watchdog
      receiver: "watchdog"
    - receiver: "slack_pagerduty"
receivers:
  - name: watchdog
  - name: slack_pagerduty
    slack_configs:
      - channel: #test
        api_url: https://hooks.slack.com/
        title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
        text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"
        send_resolved: true
    pagerduty_configs:
      - service_key: test-pager-key
```

2. I have created an external secret for the above object inside the K8s cluster.
3. The secret looks like this:

```json
{"payload":"route:\n  receiver: \"watchdog\"\n  group_by: [ 'alertname', 'cluster', 'service' ]\n  routes:\n    - match:\n        alertname: Watchdog\n      receiver: \"watchdog\"\n    - receiver: \"slack_pagerduty\"\nreceivers:\n  - name: watchdog\n  - name: slack_pagerduty\n    slack_configs:\n      - channel: #test\n        api_url: https://hooks.slack.com/\n        title: \"{{ range .Alerts }}{{ .Annotations.summary }}\\n{{ end }}\"\n        text: \"{{ range .Alerts }}{{ .Annotations.description }}\\n{{ end }}\"\n        send_resolved: true\n    pagerduty_configs:\n      - service_key: test-pager-key"}
```

Questions:

  1. Why is it created as JSON rather than YAML? It does not make any sense that it is converted to JSON.
  2. If I want to store it as YAML, how do I use secret manager for a YAML configuration file? I want to create the exact same secret with the same value which I stored inside Secret-Manager.

Hi @Flydiverny we need your help here, Thanks

Hi @chokhareganesh
If you use an external secret as follows:

```yaml
apiVersion: kubernetes-client.io/v1
kind: ExternalSecret
metadata:
  name: arbitrary-secret
spec:
  backendType: ibmcloudSecretsManager
  data:
    - key: <secret-id>
      name: example
      property: payload
      secretType: arbitrary
```

You will get a secret, which contains your yaml input (even with the same indentation).

```
$ oc get secret arbitrary-secret -oyaml
apiVersion: v1
data:
  example: <base64-encoded-value>
kind: Secret
metadata:
  name: arbitrary-secret
  namespace: default
type: Opaque
$ echo <base64-encoded-value> | base64 --decode
route:
  receiver: "watchdog"
  group_by: [ 'alertname', 'cluster', 'service' ]
  routes:
    - match:
        alertname: Watchdog
      receiver: "watchdog"
    - receiver: "slack_pagerduty"
receivers:
  - name: watchdog
  - name: slack_pagerduty
    slack_configs:
      - channel: #test
        api_url: https://hooks.slack.com/
        title: "{{ range .Alerts }}{{ .Annotations.summary }}\n{{ end }}"
        text: "{{ range .Alerts }}{{ .Annotations.description }}\n{{ end }}"
        send_resolved: true
    pagerduty_configs:
      - service_key: test-pager-key
```
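Added example (not part of the thread or the project's code): a Python check that tells the JSON-wrapped form shown in the question apart from the raw form returned with `property: payload`, and confirms the YAML survives byte for byte either way. The shortened YAML, the function names, and the assumption that the wrapper is a JSON object with a string `payload` key are constructed for illustration.

```python
import base64
import json

# Constructed sample: a shortened version of the YAML stored in the issue.
ORIGINAL_YAML = (
    'route:\n'
    '  receiver: "watchdog"\n'
    '  routes:\n'
    '    - match:\n'
    '        alertname: Watchdog\n'
    '      receiver: "watchdog"\n'
    'receivers:\n'
    '  - name: watchdog\n'
)


def k8s_data_value(raw: str) -> str:
    """Base64-encode text the way it appears under .data in a Secret."""
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def unwrap_secret_value(b64_value: str, prop: str = "payload") -> str:
    """Decode a Secret .data value and return the stored text.

    If the decoded text is a JSON object holding `prop` as a string
    (the wrapped form from the question), return that property.
    Otherwise the value is already the raw payload and is returned as is.
    """
    decoded = base64.b64decode(b64_value, validate=True).decode("utf-8")
    try:
        parsed = json.loads(decoded)
    except json.JSONDecodeError:
        return decoded  # raw YAML is not valid JSON, so it lands here
    if isinstance(parsed, dict) and isinstance(parsed.get(prop), str):
        return parsed[prop]
    return decoded  # valid JSON, but not the wrapper object


def is_intact(b64_value: str, expected: str) -> bool:
    """True when the unwrapped value matches the stored secret exactly."""
    return unwrap_secret_value(b64_value) == expected


if __name__ == "__main__":
    wrapped = k8s_data_value(json.dumps({"payload": ORIGINAL_YAML}))
    raw = k8s_data_value(ORIGINAL_YAML)
    print("wrapped form intact:", is_intact(wrapped, ORIGINAL_YAML))
    print("raw form intact:", is_intact(raw, ORIGINAL_YAML))
```

The escaped `\n` sequences in the JSON form are only JSON string encoding; once the `payload` property is extracted, the indentation is identical to what was stored.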

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.

This issue was closed because it has been stalled for 30 days with no activity.