external-secrets: external secret template not rendering when using helm charts

When attempting to sync my Docker config JSON from AWS Secrets Manager following the docs, I always get the error:

Secret "docker-registry" is invalid: data[.dockerconfigjson]: Invalid value: "<secret contents redacted>": invalid character '<' looking for beginning of value

The external secret:

apiVersion: external-secrets.io/v1alpha1
kind: ExternalSecret
metadata:
  name: docker-registry
  namespace: default
spec:
  refreshInterval: 1m
  secretStoreRef:
    name: aws-secrets-manager
    kind: ClusterSecretStore
  target:
    name: docker-registry
    creationPolicy: Owner
    template:
      type: kubernetes.io/dockerconfigjson
      data:
        .dockerconfigjson: "{{ .mysecret | toString }}"
  data:
    - secretKey: mysecret
      remoteRef:
        key: docker-registry

It appears that the variable mysecret is always nil, as shown in the described output of the failing external secret:

  Target:
    Creation Policy:  Owner
    Name:             docker-registry
    Template:
      Data:
        .dockerconfigjson:  <nil>
      Engine Version:       v1
      Type:                 kubernetes.io/dockerconfigjson

I have checked my secret in AWS Secrets Manager many times to confirm it is in the expected form of the Docker config JSON:

{
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "base64 encoded string"
    }
  }
}

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 32 (17 by maintainers)

Most upvoted comments

I think putting this in the docs would be wise. With how widely used Helm is, it seems like this is going to happen to a lot of people, and it would save others lots of time. Either way, I appreciate the help on this. The templating feature is very nice.

@degibenz you seem to use Helm; I think this is the issue here. Can you try to escape the template like this:

apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: {{ .Values.externalSecretName }}-docker
spec:
  refreshInterval: 5s
  secretStoreRef:
    name: {{ .Values.secretStoreName }}
    kind: SecretStore
  target:
    name: "regcred"
    creationPolicy: Owner
    template:
      type: kubernetes.io/dockerconfigjson
      engineVersion: v2
      data:
        .dockerconfigjson: "{{ `{{ .auth }}` }}" # <----
  data:
  - secretKey: auth
    remoteRef:
      key: kubernetes/dockerconfigjson

Glad to hear that, closing this issue then. Feel free to reopen.

I don’t see the need to add that explicitly to the docs as this is a Helm-specific issue.
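The two rendering passes discussed in this thread, reproduced with Go's text/template as an added example (not code from the issue or from the external-secrets project): Helm renders the manifest first with chart values only, then the External Secrets controller renders what is left with the fetched secret. Assumptions: `toString` is a stand-in for the Sprig function of that name, `render`, `twoPass` and `validJSON` are hypothetical helpers, and the secret payload is constructed from the shape shown in the issue.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// toString is a stand-in (assumption) for the Sprig function of the same
// name that both Helm and External Secrets make available to templates.
var funcs = template.FuncMap{
	"toString": func(v interface{}) string { return fmt.Sprintf("%v", v) },
}

// render executes a single templating pass over src with the given data.
func render(src string, data map[string]interface{}) (string, error) {
	t, err := template.New("pass").Funcs(funcs).Parse(src)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, data)
	return out.String(), err
}

// twoPass renders src as Helm would (chart values only, no .mysecret), then
// feeds that output to a second pass that sees only the fetched secret.
func twoPass(src string) (afterHelm, final string, err error) {
	helmValues := map[string]interface{}{"Values": map[string]interface{}{}}
	// Constructed sample payload in the docker config shape from the issue.
	secretData := map[string]interface{}{
		"mysecret": `{"auths":{"https://index.docker.io/v1/":{"auth":"base64 encoded string"}}}`,
	}
	if afterHelm, err = render(src, helmValues); err != nil {
		return
	}
	final, err = render(afterHelm, secretData)
	return
}

// validJSON reports whether the rendered .dockerconfigjson value would parse.
func validJSON(s string) bool { return json.Valid([]byte(s)) }

func main() {
	for _, src := range []string{"{{ .mysecret | toString }}", "{{ `{{ .mysecret | toString }}` }}"} {
		afterHelm, final, err := twoPass(src)
		fmt.Printf("helm output %q -> value %q, valid JSON: %v, err: %v\n", afterHelm, final, validJSON(final), err)
	}
}
```

The unescaped form is consumed by the first pass and reaches the controller as the literal `<nil>`, which matches both the described output and the `invalid character '<'` error; the backtick-escaped form survives the first pass intact.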