Expose the new secret_sync_config setting to allow synchronizing secrets to Kubernetes Secrets in all modules #2511

@idelsink

TL;DR

The google_container_cluster resource has the option to enable the new (beta) secret_sync_config so that we can Synchronize secrets to Kubernetes Secrets.

Currently the UI does not expose it either, so we had to enable it manually using:

gcloud --project <project name> \
  beta container clusters update <cluster name> \
  --location=<cluster location> \
  --enable-secret-sync

This took about 20-30 minutes to enable, but now we are able to create the SecretSync resources.

apiVersion: secret-sync.gke.io/v1
kind: SecretSync
metadata:
  name: some-secret
spec:
  serviceAccountName: some-sa
  secretProviderClassName: some-secret
  secretObject:
    type: Opaque
    data:
      - sourcePath: "foo"
        targetKey: "BAR"

It seems this feature will be "enabled" somewhere around Q1 26 (source)

Terraform Resources

https://registry.terraform.io/providers/hashicorp/google/7.14.1/docs/resources/container_cluster#secret_sync_config-2

Detailed design

Allow us consumers to enable this feature in IaC before GA

Additional information

No response

Labels: enhancement (New feature or request)
