From 9114aac8f66246a698f4a7bb3fe0708430f0df11 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Wed, 28 Jan 2026 20:27:16 -0800 Subject: [PATCH] Switch all ExternalSecrets to creationPolicy: Owner ESO now has full ownership of these secrets. Co-Authored-By: Claude Opus 4.5 --- argocd/manifests/argocd/external-secret-repo-forge.yaml | 2 +- argocd/manifests/databases/external-secret-borgmatic.yaml | 2 +- argocd/manifests/databases/external-secret-eblume.yaml | 2 +- argocd/manifests/databases/external-secret-teslamate.yaml | 2 +- argocd/manifests/forgejo-runner/external-secret.yaml | 2 +- argocd/manifests/grafana-config/external-secret-admin.yaml | 2 +- .../grafana-config/external-secret-teslamate-datasource.yaml | 2 +- argocd/manifests/tailscale-operator/external-secret.yaml | 2 +- argocd/manifests/teslamate/external-secret-db.yaml | 2 +- argocd/manifests/teslamate/external-secret-encryption-key.yaml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/argocd/manifests/argocd/external-secret-repo-forge.yaml b/argocd/manifests/argocd/external-secret-repo-forge.yaml index 61fe3d6..1f96a43 100644 --- a/argocd/manifests/argocd/external-secret-repo-forge.yaml +++ b/argocd/manifests/argocd/external-secret-repo-forge.yaml @@ -19,7 +19,7 @@ spec: name: onepassword-blumeops target: name: repo-creds-forge - creationPolicy: Merge + creationPolicy: Owner template: metadata: labels: diff --git a/argocd/manifests/databases/external-secret-borgmatic.yaml b/argocd/manifests/databases/external-secret-borgmatic.yaml index 0af8cf6..ee600e3 100644 --- a/argocd/manifests/databases/external-secret-borgmatic.yaml +++ b/argocd/manifests/databases/external-secret-borgmatic.yaml @@ -17,7 +17,7 @@ spec: name: onepassword-blumeops target: name: blumeops-pg-borgmatic - creationPolicy: Merge + creationPolicy: Owner template: type: kubernetes.io/basic-auth data: diff --git a/argocd/manifests/databases/external-secret-eblume.yaml b/argocd/manifests/databases/external-secret-eblume.yaml index 532a1ed..a324c7d 100644 --- a/argocd/manifests/databases/external-secret-eblume.yaml +++ b/argocd/manifests/databases/external-secret-eblume.yaml @@ -17,7 +17,7 @@ spec: name: onepassword-blumeops target: name: blumeops-pg-eblume - creationPolicy: Merge + creationPolicy: Owner template: type: kubernetes.io/basic-auth data: diff --git a/argocd/manifests/databases/external-secret-teslamate.yaml b/argocd/manifests/databases/external-secret-teslamate.yaml index 346a4bb..0c52e0b 100644 --- a/argocd/manifests/databases/external-secret-teslamate.yaml +++ b/argocd/manifests/databases/external-secret-teslamate.yaml @@ -17,7 +17,7 @@ spec: name: onepassword-blumeops target: name: blumeops-pg-teslamate - creationPolicy: Merge + creationPolicy: Owner template: type: kubernetes.io/basic-auth data: diff --git a/argocd/manifests/forgejo-runner/external-secret.yaml b/argocd/manifests/forgejo-runner/external-secret.yaml index ec1f5c6..21139b7 100644 --- a/argocd/manifests/forgejo-runner/external-secret.yaml +++ b/argocd/manifests/forgejo-runner/external-secret.yaml @@ -20,7 +20,7 @@ spec: name: onepassword-blumeops target: name: forgejo-runner-env - creationPolicy: Merge + creationPolicy: Owner template: data: FORGEJO_URL: "https://forge.ops.eblu.me" diff --git a/argocd/manifests/grafana-config/external-secret-admin.yaml b/argocd/manifests/grafana-config/external-secret-admin.yaml index 547676b..6876d97 100644 --- a/argocd/manifests/grafana-config/external-secret-admin.yaml +++ b/argocd/manifests/grafana-config/external-secret-admin.yaml @@ -17,7 +17,7 @@ spec: name: onepassword-blumeops target: name: grafana-admin - creationPolicy: Merge + creationPolicy: Owner template: data: admin-user: admin diff --git a/argocd/manifests/grafana-config/external-secret-teslamate-datasource.yaml b/argocd/manifests/grafana-config/external-secret-teslamate-datasource.yaml index 4533c2f..3f8af1a 100644 --- a/argocd/manifests/grafana-config/external-secret-teslamate-datasource.yaml +++ b/argocd/manifests/grafana-config/external-secret-teslamate-datasource.yaml @@ -20,7 +20,7 @@ spec: name: onepassword-blumeops target: name: grafana-teslamate-datasource - creationPolicy: Merge + creationPolicy: Owner template: data: TESLAMATE_DB_PASSWORD: "{{ .password }}" diff --git a/argocd/manifests/tailscale-operator/external-secret.yaml b/argocd/manifests/tailscale-operator/external-secret.yaml index b8658cc..45aae71 100644 --- a/argocd/manifests/tailscale-operator/external-secret.yaml +++ b/argocd/manifests/tailscale-operator/external-secret.yaml @@ -17,7 +17,7 @@ spec: name: onepassword-blumeops target: name: operator-oauth - creationPolicy: Merge + creationPolicy: Owner data: - secretKey: client_id remoteRef: diff --git a/argocd/manifests/teslamate/external-secret-db.yaml b/argocd/manifests/teslamate/external-secret-db.yaml index 38d1925..11eeec6 100644 --- a/argocd/manifests/teslamate/external-secret-db.yaml +++ b/argocd/manifests/teslamate/external-secret-db.yaml @@ -17,7 +17,7 @@ spec: name: onepassword-blumeops target: name: teslamate-db - creationPolicy: Merge + creationPolicy: Owner data: - secretKey: password remoteRef: diff --git a/argocd/manifests/teslamate/external-secret-encryption-key.yaml b/argocd/manifests/teslamate/external-secret-encryption-key.yaml index 92e1f50..96938bf 100644 --- a/argocd/manifests/teslamate/external-secret-encryption-key.yaml +++ b/argocd/manifests/teslamate/external-secret-encryption-key.yaml @@ -19,7 +19,7 @@ spec: name: onepassword-blumeops target: name: teslamate-encryption - creationPolicy: Merge + creationPolicy: Owner data: - secretKey: key remoteRef: