sops-secrets-operator

feat: add cross-namespace secret deployment support

Open hyperb1iss opened this issue 6 months ago • 4 comments

Add targetNamespaces field to SopsSecretTemplate enabling deployment of the same secret to multiple namespaces without duplicating encrypted data. Super useful for things like database secrets that need to be visible to application namespaces in addition to the database's namespace.

Key changes:

  • Added targetNamespaces []string field to all API versions (v1alpha1, v1alpha2, v1alpha3)
  • Updated controller reconciliation to iterate over target namespaces
  • Same-namespace secrets use standard controller ownership
  • Cross-namespace secrets use annotation-based management (sopssecret/owner)
  • Updated garbage collection to handle multi-namespace cleanup
  • Refactored createKubeSecretFromTemplate to accept targetNamespace parameter
  • Updated README with cross-namespace usage examples and RBAC requirements
  • All tests and lints passing

Backward compatible: empty targetNamespaces defaults to SopsSecret's namespace.

hyperb1iss, Oct 17 '25 17:10
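Kubernetes ownerReferences cannot point across namespaces, which is why the description above falls back to the sopssecret/owner annotation for cross-namespace copies. The sketch below is an added example, not code from this pull request or from the project: it shows one way a reconciler could use that marker to decide which namespaces to write, which stale copies to garbage-collect, and which same-named secrets to leave alone. `Secret` and `Plan` are hypothetical names, and both the "<namespace>/<name>" annotation value and the rule of never touching an unmanaged secret are assumptions.

```go
package main

import "fmt"

// OwnerAnnotation is the annotation key named in the PR description.
const OwnerAnnotation = "sopssecret/owner"

// Secret is a constructed stand-in for the one Kubernetes Secret a template produces.
type Secret struct {
	Namespace       string
	Annotations     map[string]string
	ControllerOwned bool // ownerReference to the SopsSecret (same namespace only)
}

// Plan sorts target namespaces into apply/conflict and finds stale copies to remove.
// Assumption: the annotation value is "<namespace>/<name>" of the owning SopsSecret.
func Plan(ownerNS, ownerName string, targets []string, existing []Secret) (apply, remove, conflict []string) {
	if len(targets) == 0 {
		targets = []string{ownerNS} // backward-compatible default from the PR
	}
	found, wanted := map[string]Secret{}, map[string]bool{}
	for _, s := range existing {
		found[s.Namespace] = s
	}
	managed := func(s Secret) bool {
		if s.Namespace == ownerNS {
			return s.ControllerOwned
		}
		return s.Annotations[OwnerAnnotation] == ownerNS+"/"+ownerName
	}
	for _, ns := range targets {
		wanted[ns] = true
		if s, ok := found[ns]; ok && !managed(s) {
			conflict = append(conflict, ns) // same-named secret we do not manage: leave it
		} else {
			apply = append(apply, ns)
		}
	}
	for _, s := range existing {
		if !wanted[s.Namespace] && managed(s) {
			remove = append(remove, s.Namespace) // copy left over from an earlier target list
		}
	}
	return
}

func main() {
	fmt.Println(Plan("db", "pg", []string{"db", "app"}, []Secret{{Namespace: "app"}}))
}
```

Because the annotation is ordinary metadata, anyone who can edit secrets in a target namespace can add or strip it, so the marker is bookkeeping for cleanup rather than an access control.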