[Question] AWS SecretsManager Push Whole Secret

[eternalyperplxed]

Is pushing an entire secret to AWS Secrets Manager supported? I'm currently on version 0.9.17 and using the following configuration:

kind: PushSecret
metadata:
  name: aws-sync
  namespace: my-namespace
spec:
  deletionPolicy: Delete
  secretStoreRefs: 
    - name: aws
      kind: ClusterSecretStore
  selector:
    secret:
      name: foo
  data:
    - match:
        remoteRef:
          remoteKey: foo

I'm getting this error:

set secret failed: could not write remote ref to target secretstore aws: pushing the whole secret is not yet implemented

Is there a version where this has been implemented?

[Skarlso]

Hello!

Yes, currently, it's not implemented.

func (sm *SecretsManager) PushSecret(ctx context.Context, secret *corev1.Secret, psd esv1beta1.PushSecretData) error {
	if psd.GetSecretKey() == "" {
		return errors.New("pushing the whole secret is not yet implemented")
	}

Provider features are community driven. If there is a need for it, anyone can take a stab at trying to implement it.

If you don't want to, or can't for some reason, the maintainers will maybe eventually get to it, but there is no guarantee. The priority is based on user engagement.

[eternalyperplxed]

Ok, I'll open a feature request for this. Appreciate the quick response and code snippet.

[newtondev]

@eternalyperplxed please reference the feature request, I have some capacity to work on this.

[Skarlso]

The "feature request" is this issues technically. :) There is nothing else.

[shiyuhang0]

using v0.14.3, also needs this feature.

@Skarlso Since this is not implemented, I think it is better to fix the doc here: https://external-secrets.io/main/guides/pushsecrets/#2-by-leaving-off-the-secret-key-but-setting-the-remote-property-option

[Skarlso]

I'll see what I can do about it.

[Skarlso]

Should be done now. With next release. :)