This post is hyper-specific but I am quite sure I’ll forget how to do it the next time it happens again, so I’m better off documenting it. External Secrets: External Secrets Operator is a Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM Cloud Secrets Manager, CyberArk Secrets Manager, Pulumi ESC and many more. The operator reads information from external APIs and automatically injects the values into a Kubernetes Secret. Problem statement: a ClusterSecretStore is stuck on a past authentication failure long after the Vault-side config was fixed, and every ExternalSecret that references it reports SecretSyncedError: the desired SecretStore is not ready. Verify the store really is healthy now: shell % kubectl describe clustersecretstore external-secrets-vault-backend ... Status: Conditions: Last Transition Time: 2026-04-21T23:16:45Z # <- stale Message: unable to create client…
No comments yet. Log in to reply on the Fediverse. Comments will appear here.