feat(akeyless): add SecretStore ignoreCache to bypass Gateway cache #1

Open
baraka-akeyless wants to merge 1 commit into main from feat/akeyless-ignore-cache

@baraka-akeyless

Summary

  • Adds optional ignoreCache field to the Akeyless SecretStore / ClusterSecretStore provider spec
  • When true, ESO passes ignore-cache=true to Akeyless Gateway read APIs (get-secret-value, get-rotated-secret-value, get-certificate-value)
  • Aligns ESO behavior with the Akeyless Kubernetes Secrets Injector ignore_cache option

Motivation

When ESO syncs secrets through an Akeyless Gateway with proactive cache enabled, refreshed values may be stale until the Gateway cache expires. This flag lets operators bypass the Gateway cache and fetch the latest value from Akeyless SaaS on each sync.

Example

apiVersion: external-secrets.io/v1
kind: SecretStore
metadata:
  name: akeyless-gw
spec:
  provider:
    akeyless:
      akeylessGWApiURL: "https://your.akeyless.gw:8080/v2"
      ignoreCache: true
      authSecretRef:
        secretRef:
          accessID:
            name: akeyless-secret-creds
            key: accessId
          accessType:
            name: akeyless-secret-creds
            key: accessType
          accessTypeParam:
            name: akeyless-secret-creds
            key: accessTypeParam

Test plan

  • go test ./providers/v1/akeyless/... -run TestIgnoreCacheEnabled
  • Manual: create SecretStore with ignoreCache: true against Gateway, rotate secret in SaaS, verify ExternalSecret picks up new value on next sync without waiting for Gateway cache TTL

Made with Cursor

Expose ignoreCache on the Akeyless SecretStore provider so ESO can request
fresh secret values from SaaS when syncing through an Akeyless Gateway,
matching the Kubernetes Secrets Injector ignore_cache behavior.

Co-authored-by: Cursor <cursoragent@cursor.com>
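
The stale-read window described under Motivation, as an added example that is not code from this PR or from Akeyless: a constructed in-process model of a caching gateway whose read handler honors `ignore-cache`. The `Gateway` type, the `name` field, the secret path and the choice to refresh the cache on a bypassed read are assumptions; only the `ignore-cache` key and the `get-secret-value` endpoint name come from the description above.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Gateway is a constructed stand-in for a caching gateway; not Akeyless code, no TTL.
type Gateway struct {
	Backend map[string]string // source of truth (the SaaS side)
	Cache   map[string]string // what the gateway serves until bypassed
}

// readReq is an assumed, simplified body; only "ignore-cache" comes from the PR text.
type readReq struct {
	Name        string `json:"name"`
	IgnoreCache string `json:"ignore-cache"`
}

func (g *Gateway) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	var req readReq
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	if _, hit := g.Cache[req.Name]; !hit || req.IgnoreCache == "true" {
		g.Cache[req.Name] = g.Backend[req.Name] // miss or bypass: refresh from backend
	}
	fmt.Fprint(w, g.Cache[req.Name])
}

// Read sends one get-secret-value style request to the handler in-process.
func Read(g *Gateway, name string, ignoreCache bool) string {
	body, _ := json.Marshal(readReq{Name: name, IgnoreCache: fmt.Sprint(ignoreCache)})
	rec := httptest.NewRecorder()
	g.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/get-secret-value", bytes.NewReader(body)))
	return rec.Body.String()
}

func main() {
	g := &Gateway{Backend: map[string]string{"/db/password": "v1"}, Cache: map[string]string{}}
	Read(g, "/db/password", false)   // first sync warms the cache with v1
	g.Backend["/db/password"] = "v2" // rotation happens at the backend only
	fmt.Println(Read(g, "/db/password", false), Read(g, "/db/password", true))
}
```

In this model a sync without the flag keeps returning the pre-rotation value after the backend has changed, which is the window the manual test plan step checks for.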