chore(deps): update external-secrets docker tag to v0.14.3

[renovate]

This PR contains the following updates:

Package	Update	Change
external-secrets	minor	0.10.4 -> 0.14.3

---

Release Notes

external-secrets/external-secrets (external-secrets)

v0.14.3

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.14.3
Image: ghcr.io/external-secrets/external-secrets:v0.14.3-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.14.3-ubi-boringssl

What's Changed

• chore: update helm charts to v0.14.2 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4425
• docs: add a link to the cncf calendar for the community meeting by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4431
• doc: revise and enhance Google Secret Manager authentication by @​ionicsolutions in https://github.com/external-secrets/external-secrets/pull/4430
• chore(deps): bump goreleaser/goreleaser-action from 6.1.0 to 6.2.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4434
• chore(deps): bump alpine from 3.21.2 to 3.21.3 in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4435
• chore(deps): bump mkdocs-material from 9.6.3 to 9.6.4 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4437
• chore(deps): bump alpine from 56fa17d to a8560b3 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4438
• chore(deps): bump alpine from 56fa17d to a8560b3 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4442
• docs: add examples of Governance document being applied for members joining by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4450
• Make generator state commit err visible to the user / fix handling of empty state by @​moolen in https://github.com/external-secrets/external-secrets/pull/4451
• chore(deps): bump golangci/golangci-lint-action from 6.3.1 to 6.5.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4433
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4443
• Fix: add coversion hook to steps to disable webhook by @​matt-matt-tmatt in https://github.com/external-secrets/external-secrets/pull/4453
• fix: update helm chart tests by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4454
• fix: Update Helm Readme For Log Params by @​peterswica in https://github.com/external-secrets/external-secrets/pull/4457
• Gc/feat/GitHub provider by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4459
• update: update Kubernetes tags for vault provider and change path default by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4452
• chore(deps): bump mkdocs-material from 9.6.4 to 9.6.5 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4466
• fix: github secrets not creating new secrets by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4472
• fix: panic on parameterstore.go by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4471
• chore(deps): bump sigstore/cosign-installer from 3.8.0 to 3.8.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4462
• chore(deps): bump actions/cache from 4.2.0 to 4.2.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4463
• chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4464
• chore(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4465
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4468
• chore: update helm test for github by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4475
• feat: 1password find by tags by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4476

New Contributors

• @​matt-matt-tmatt made their first contribution in https://github.com/external-secrets/external-secrets/pull/4453

Full Changelog: external-secrets/external-secrets@v0.14.2...v0.14.3

v0.14.2

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.14.2
Image: ghcr.io/external-secrets/external-secrets:v0.14.2-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.14.2-ubi-boringssl

What's Changed

• chore: release v0.14.1 helm by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4401
• fix: skip injecting service and cert if conversion is disabled by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4362
• feat: add crd compliance tests by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4390
• feat: add PushSecret ability to the webhook provider by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4360
• docs: fix typo in the AWS Secrets manager provider docs by @​robertmarsal in https://github.com/external-secrets/external-secrets/pull/4403
• feat(chart): add support for revisionHistoryLimit on the cert by @​knechtionscoding in https://github.com/external-secrets/external-secrets/pull/4292
• fix: add push secret refreshInterval defaulting by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4404
• fix: Improved error message for unsupported secret store kind by @​peterswica in https://github.com/external-secrets/external-secrets/pull/4398
• chore(deps): bump golang from 1.23.5-bookworm to 1.23.6-bookworm in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4414
• chore(deps): bump golang from 1.23.5 to 1.23.6 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4407
• chore(deps): bump mkdocs-material from 9.6.1 to 9.6.3 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4408
• chore(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4409
• chore(deps): bump docker/setup-qemu-action from 3.3.0 to 3.4.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4410
• chore(deps): bump sigstore/cosign-installer from 3.7.0 to 3.8.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4411
• chore(deps): bump docker/setup-buildx-action from 3.8.0 to 3.9.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4412
• chore(deps): bump golangci/golangci-lint-action from 6.2.0 to 6.3.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4413
• Add more flexibility to webhook service by @​ksangers in https://github.com/external-secrets/external-secrets/pull/4402
• kubernetes provider documentation - Added section explaining how to create shared secret without cluster wide access by @​renepupil in https://github.com/external-secrets/external-secrets/pull/4418
• doc: enhance best practices for cluster-wide resources reconciliation by @​ionicsolutions in https://github.com/external-secrets/external-secrets/pull/4423
• fix: ignore NoSecretErr in generator state by @​moolen in https://github.com/external-secrets/external-secrets/pull/4422
• chore: update go version to 1.23.6 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4420

New Contributors

• @​robertmarsal made their first contribution in https://github.com/external-secrets/external-secrets/pull/4403
• @​knechtionscoding made their first contribution in https://github.com/external-secrets/external-secrets/pull/4292
• @​peterswica made their first contribution in https://github.com/external-secrets/external-secrets/pull/4398
• @​ksangers made their first contribution in https://github.com/external-secrets/external-secrets/pull/4402
• @​renepupil made their first contribution in https://github.com/external-secrets/external-secrets/pull/4418
• @​ionicsolutions made their first contribution in https://github.com/external-secrets/external-secrets/pull/4423

Full Changelog: external-secrets/external-secrets@v0.14.1...v0.14.2

v0.14.1

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.14.1
Image: ghcr.io/external-secrets/external-secrets:v0.14.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.14.1-ubi-boringssl

What's Changed

• Implement SecretExists in AWS ParameterStore by @​amirahav in https://github.com/external-secrets/external-secrets/pull/4377
• fix: the esoctl tooling website was not working by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4383
• chore: release v0.14.0 helm by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4385
• docs: fix typo in templating guide by @​sboschman in https://github.com/external-secrets/external-secrets/pull/4387
• Added additional validation for a usecase where a namespace is provided for SecretStore CAprovider by @​alekc in https://github.com/external-secrets/external-secrets/pull/4359
• docs(typo): Update doc references from BitWarden to Bitwarden. by @​mimartin12 in https://github.com/external-secrets/external-secrets/pull/4388
• feat: Merging metrics and service monitor services by @​remyj38 in https://github.com/external-secrets/external-secrets/pull/4356
• feat: allow accessing original Vault response from VaultDynamicSecret by @​m1so in https://github.com/external-secrets/external-secrets/pull/4358
• fix: Fix typo that prevents the Password ClusterGenerator from working by @​edeustua in https://github.com/external-secrets/external-secrets/pull/4389

New Contributors

• @​amirahav made their first contribution in https://github.com/external-secrets/external-secrets/pull/4377
• @​mimartin12 made their first contribution in https://github.com/external-secrets/external-secrets/pull/4388
• @​remyj38 made their first contribution in https://github.com/external-secrets/external-secrets/pull/4356
• @​m1so made their first contribution in https://github.com/external-secrets/external-secrets/pull/4358
• @​edeustua made their first contribution in https://github.com/external-secrets/external-secrets/pull/4389

Full Changelog: external-secrets/external-secrets@v0.14.0...v0.14.1

v0.14.0

Compare Source

Potential Breaking Change

Stateful Generators have been introduced with:

• feat: introduce state for generator and new grafana SA generator by @​moolen in https://github.com/external-secrets/external-secrets/pull/4203.

While normally this isn't a problem, external secrets controller and push secrets controller have been changed.

If any normal operation that should work encounters a problem, please don't hesitate to open an issue. Please also include that the problem appeared after switching to this version. Thank you!

Image: ghcr.io/external-secrets/external-secrets:v0.14.0
Image: ghcr.io/external-secrets/external-secrets:v0.14.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.14.0-ubi-boringssl

What's Changed

• chore: release v0.13.0 helm by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4322
• fix: documentation and naming for render tool by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4324
• fix: security issues with esoctl release action by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4325
• sonar: ignore duplication warnings in test files by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4320
• fix: sonar ignore duplication warning in test files only by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4329
• fix: sonar configs by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4334
• feat: column storeType by @​brenob6 in https://github.com/external-secrets/external-secrets/pull/4337
• fix: retry failed reconciles much less aggressively by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4339
• chore(deps): bump pymdown-extensions from 10.14 to 10.14.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4341
• chore(deps): bump importlib-metadata from 8.5.0 to 8.6.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4342
• chore(deps): bump helm/chart-releaser-action from 1.6.0 to 1.7.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4343
• chore(deps): bump actions/setup-go from 5.2.0 to 5.3.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4344
• chore(deps): bump actions/stale from 9.0.0 to 9.1.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4345
• chore(deps): bump fossas/fossa-action from 1.4.0 to 1.5.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4346
• chore(deps): bump anchore/sbom-action from 0.17.9 to 0.18.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4347
• chore(deps): bump golang from 47d3375 to 47d3375 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4348
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4350
• Adding prerequisites and a glossary to the documentation by @​CarolCoCe in https://github.com/external-secrets/external-secrets/pull/4299
• fix: security issues with esoctl release action take 2 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4326
• Fix passbolt refreshInterval by @​cedricalfonsi in https://github.com/external-secrets/external-secrets/pull/4353
• feat: add API version parameter to BeyondTrust Provider by @​btfhernandez in https://github.com/external-secrets/external-secrets/pull/4354
• feat: introduce state for generator and new grafana SA generator by @​moolen in https://github.com/external-secrets/external-secrets/pull/4203
• doc: link to the CNCF code of conduct by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4364
• chore(deps): bump ubi8/ubi from 2e863fb to 881aaf5 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4365
• chore(deps): bump actions/attest-build-provenance from 2.1.0 to 2.2.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4366
• chore(deps): bump helm/chart-testing-action from 2.6.1 to 2.7.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4367
• chore(deps): bump codecov/codecov-action from 5.1.2 to 5.3.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4369
• chore(deps): bump github/codeql-action from 3.28.1 to 3.28.8 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4370
• chore(deps): bump babel from 2.16.0 to 2.17.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4371
• chore(deps): bump certifi from 2024.12.14 to 2025.1.31 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4372
• chore(deps): bump pymdown-extensions from 10.14.1 to 10.14.3 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4373
• chore(deps): bump mkdocs-material from 9.5.50 to 9.6.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4374
• chore(deps): bump actions/setup-python from 5.3.0 to 5.4.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4368
• fix: gitlab group variable regression by @​babs in https://github.com/external-secrets/external-secrets/pull/4379

New Contributors

• @​brenob6 made their first contribution in https://github.com/external-secrets/external-secrets/pull/4337
• @​CarolCoCe made their first contribution in https://github.com/external-secrets/external-secrets/pull/4299
• @​cedricalfonsi made their first contribution in https://github.com/external-secrets/external-secrets/pull/4353
• @​babs made their first contribution in https://github.com/external-secrets/external-secrets/pull/4379

Full Changelog: external-secrets/external-secrets@v0.13.0...v0.14.0

v0.13.0

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.13.0
Image: ghcr.io/external-secrets/external-secrets:v0.13.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.13.0-ubi-boringssl

BREAKING CHANGES

https://github.com/external-secrets/external-secrets/pull/4262 introduces a breaking change in the METADATA structure for the AWS PARAMETER STORE.

The old metadata structure changed to this new structure described here: https://external-secrets.io/latest/provider/aws-parameter-store/#additional-metadata-for-pushsecret

It looks like this:

metadata:
        apiVersion: kubernetes.external-secrets.io/v1alpha1
        kind: PushSecretMetadata
        spec:
          secretType: SecureString
          kmsKeyID: bb123123-b2b0-4f60-ac3a-44a13f0e6b6c
          tier:
            type: Advanced # default is Standard
            policies:
              - type: "Expiration"
                version: "1.0"
                attributes:
                  timestamp: "2024-12-02T21:34:33.000Z"
              - type: "ExpirationNotification"
                version: "1.0"
                attributes:
                  before: "2"
                  unit: "Days"
              - type: "ExpirationNotification"
                version: "1.0"
                attributes:
                  before: "30"
                  unit: "Days"
              - type: "NoChangeNotification"
                version: "1.0"
                attributes:
                  after: "30"
                  unit: "Days"

What's Changed

• chore: release v0.12.1 by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4250
• chore(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4236
• chore(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4237
• chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4238
• chore(deps): bump mkdocs-material from 9.5.48 to 9.5.49 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4240
• chore(deps): bump livereload from 2.7.0 to 2.7.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4241
• chore(deps): bump urllib3 from 2.2.3 to 2.3.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4242
• chore(deps): bump click from 8.1.7 to 8.1.8 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4243
• chore(deps): bump jinja2 from 3.1.4 to 3.1.5 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4244
• chore(deps): bump helm/kind-action from 1.10.0 to 1.12.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4249
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4246
• chore(deps): bump golang from 6c5c959 to 6c5c959 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4255
• chore(deps): bump charset-normalizer from 3.4.0 to 3.4.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4256
• chore(deps): bump pymdown-extensions from 10.12 to 10.13 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4257
• chore(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4258
• chore(deps): bump golang from ef30001 to 2e83858 in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4259
• chore(deps): bump importlib-resources from 6.4.5 to 6.5.2 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4266
• chore(deps): bump pygments from 2.18.0 to 2.19.1 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4270
• add allowEmptyResponse to vaultdynamicsecrets by @​Kyaak in https://github.com/external-secrets/external-secrets/pull/4271
• docs: Fix IAM policy AWS SM provider by @​rastut in https://github.com/external-secrets/external-secrets/pull/4275
• feat(generators): add Quay generator support by @​dronenb in https://github.com/external-secrets/external-secrets/pull/4252
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4269
• fix: run make check-diff on main by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4285
• chore(deps): bump pymdown-extensions from 10.13 to 10.14 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4280
• chore(deps): bump alpine from 21dc606 to 56fa17d by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4281
• chore(deps): bump distroless/static from 5c7e2b4 to 3f2b64e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4282
• chore(deps): bump golang from 6c5c959 to c233391 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4283
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4290
• chore(deps): bump github/codeql-action from 3.28.0 to 3.28.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4289
• chore(deps): bump softprops/action-gh-release from 2.2.0 to 2.2.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4288
• chore(deps): bump docker/setup-qemu-action from 3.2.0 to 3.3.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4287
• chore(deps): bump alpine from 21dc606 to 56fa17d in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4286
• chore(deps): bump alpine from 3.21.0 to 3.21.2 in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4284
• Updated supported versions table by @​mooneeb in https://github.com/external-secrets/external-secrets/pull/4296
• docs: differentiate between two different bitwarden guides by @​nareddyt in https://github.com/external-secrets/external-secrets/pull/4301
• fix: helm chart test was not updated by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4302
• feat: add configuring tier for aws parameter store by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4262
• feat: add a renderer for template data and secrets by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4277
• chore(deps): bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4307
• chore(deps): bump anchore/sbom-action from 0.7.0 to 0.17.9 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4308
• chore(deps): bump golang from 1.23.4-bookworm to 1.23.5-bookworm in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4309
• chore(deps): bump mkdocs-material from 9.5.49 to 9.5.50 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4311
• chore(deps): bump ubi8/ubi from 37cdac4 to 2e863fb by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4312
• chore(deps): bump golang from 1.23.4 to 1.23.5 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4313
• infisical: fix error handling which previously failed silently (missing secrets, incorrect auth, etc.) by @​lgo in https://github.com/external-secrets/external-secrets/pull/4304
• fix: rename render to esoctl in release action by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4319

New Contributors

• @​Kyaak made their first contribution in https://github.com/external-secrets/external-secrets/pull/4271
• @​rastut made their first contribution in https://github.com/external-secrets/external-secrets/pull/4275
• @​dronenb made their first contribution in https://github.com/external-secrets/external-secrets/pull/4252
• @​mooneeb made their first contribution in https://github.com/external-secrets/external-secrets/pull/4296
• @​nareddyt made their first contribution in https://github.com/external-secrets/external-secrets/pull/4301
• @​lgo made their first contribution in https://github.com/external-secrets/external-secrets/pull/4304

Full Changelog: external-secrets/external-secrets@v0.12.1...v0.13.0

v0.12.1

Compare Source

RELEASE VERSION

My apologies, when creating the release, 0.12.0 failed. The branch and tag however, have been created and I was unable to delete them. Thus, the version has been increased to 0.12.1 after the fix and now that's the current version. I hand updated the release notes to include everyone into the changes.

BREAKING CHANGES

The following breaking changes have been introduced into this release:

• Permission update for AWS provider adding BulkFetch when getting multiple secrets ( significant API reduce but comes with adding a permission for bulk endpoint )
• fixed a typo for a generator in the json tag where before it was ecrRAuthorizationTokenSpec with an extra R
• We standardized the GCP Secrets Manager Metadata structure for PushSecrets ( be aware that existing manifests will stop working until updated to the standardized version ) for more info see https://github.com/external-secrets/external-secrets/pull/4210

Images

Image: ghcr.io/external-secrets/external-secrets:v0.12.1
Image: ghcr.io/external-secrets/external-secrets:v0.12.1-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.12.1-ubi-boringssl

What's Changed

• chore(deps): bump ubi8/ubi from 7287624 to 37cdac4 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4245
• revert: softprops update failing the release process by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4248
• chore: bump helm chart version v0.11.0 by @​Skarlso https://github.com/external-secrets/external-secrets/pull/4166
• chore(deps): bump mkdocs-material in /hack/api-docs by @​dependabot https://github.com/external-secrets/external-secrets/pull/4165
• chore: update dependencies by @​eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4169
• Gc/fix clusterexternalsecret metrics by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4170
• chore(deps): bump distroless/static from f4a57e8 to 5c7e2b4 by @​dependabot https://github.com/external-secrets/external-secrets/pull/4164
• chore: deprecate olm proposal by @​gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4175
• fix: error handling for gitlab variable fetch by @​Skarlso in https://github.com/external-secrets/external-secrets/pull/4177
• fix: v1 templates with metadata + always cleanup orphaned secrets by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4174
• fix: handle empty template engine version by @​thesuperzapper in https://github.com/external-secrets/external-secrets/pull/4182
• chore(deps): bump actions/cache from 4.1.2 to 4.2.0 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4190
• chore(deps): bump actions/attest-build-provenance from 1.4.4 to 2.0.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4189
• chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4188
• update dependencies in https://github.com/external-secrets/external-secrets/pull/4196
• chore(deps): bump codecov/codecov-action from 5.0.7 to 5.1.1 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4187
• chore(deps): bump alpine from 3.20.3 to 3.21.0 in /e2e by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4184
• chore(deps): bump golang from 1.23.3-bookworm to 1.23.4-bookworm by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4185
• chore(deps): bump alpine from 3.20 to 3.21 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4186
• chore(deps): bump alpine from 1e42bbe to 21dc606 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4191
• chore(deps): bump golang from 1.23.3 to 1.23.4 by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4192
• chore(deps): bump six from 1.16.0 to 1.17.0 in /hack/api-docs by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4193
• chore(deps): bump mkdocs-material in /hack/api-docs by dependabot in by @​dependabot in https://github.com/external-secrets/external-secrets/pull/4194

• feat: 1password add support for tags and configurable PushSecret vault by @​Dariusch (#​4173)
• fix: ensure existing labels are retained for secrets in GCP secrets by @​newtondev (#​4160)
• fix: return not found error when there is no secret for vault provider by @​Skarlso (#​4183)
• fix: error in order of function call UpdateEnvironment by @​dirien (#​4201)
• BREAKING: Standardize GCP Secret Manager PushSecret metadata format and add CMEK support @​janlauber in (#​4210)
• docs: add raw markdown tags to PushSecret example in Google Secrets Manager documentation by @​janlauber in (#​4213)
• Design/target custom resources by @​gusfcarvalho (#​3449)
• chore(deps): bump github/codeql-action from 3.27.6 to 3.27.9 by @​dependabot (#​4215)
• chore(deps): bump actions/attest-build-provenance from 2.0.1 to 2.1.0 by @​dependabot in (#​4216)
• feat: update to use Batch value get instead of List and Fetch all secrets for AWS provider by @​Skarlso in (#​4181)
• fix: increase default QPS/Burst to 50/100 by @​thesuperzapper (#​4202)
• chore(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 by @​dependabot (#​4217)
• chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 by @​dependabot (#​4218)
• chore(deps): bump certifi from 2024.8.30 to 2024.12.14 by @​dependabot
• chore(deps): bump golang from 6c5c959 to 6c5c959 by @​dependabot (#​4220)
• chore: update dependencies by @​eso-service-account-app (#​4223)
• Add AWS ECR Public authorization token support by @​pmcenery (#​4229)
• fix: typo in the ecrAuthorizationTokenSpec json tag by @​Skarlso (#​4212)
• feat: fix a bunch of Sonar issues by @​Skarlso (#​4208)
• fix: Dockerfile.ubi using the wrong registry by @​Skarlso (#​4234)
• feat: add filterCertChain template helper function by @​sboschman (#​3934)
• fix: SonarCloud security hotspot by @​Skarlso in ([#​4235](https://redirect.github.com/external-secrets/external-secrets/issues/4

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.