Can ArgoCD read base64 encoded Cluster Secret?

[0xDones]

Hello there, I'm using kubernetes-external-secrets to inject secrets stored in external vaults into Kubernetes Secrets. The controller creates the secret in Secret's spec.data, base64 encoded. I would like to know if ArgoCD will be able to read from it and decode it as needed, because in the docs the example Secret is using stringData with plain text values.

[jannfis]

Hello @dpolicastro,

stringData is really just a helping shortcut that lets you create a secret without having to base64 encode the secret's data first. When you create a Secret with stringData instead of data, Kubernetes will base64 encode all values and replace stringData with data.

A simple example:

$ cat test-secret.yaml 
apiVersion: v1
kind: Secret
metadata:
  name: test-secret
stringData:
  testkey: testdata
$ kubectl apply -f test-secret.yaml 
secret/test-secret created
$ kubectl get secret test-secret -o jsonpath='{.data.testkey}' | base64 -d && echo
testdata

So long story, short answer: Yes, what you want to do is possible :)

[0xDones]

Thanks for clarifying!