diff --git a/README.md b/README.md
index bf72330..f5b5809 100644
--- a/README.md
+++ b/README.md
@@ -515,11 +515,11 @@ You need the following permissions to run this module.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [eso\_chart\_location](#input\_eso\_chart\_location) | The location of the External Secrets Operator Helm chart. | `string` | `"https://charts.external-secrets.io"` | no |
-| [eso\_chart\_version](#input\_eso\_chart\_version) | The version of the External Secrets Operator Helm chart. Ensure that the chart version is compatible with the image version specified in eso\_image\_version. | `string` | `"0.20.3"` | no |
+| [eso\_chart\_version](#input\_eso\_chart\_version) | The version of the External Secrets Operator Helm chart. Ensure that the chart version is compatible with the image version specified in eso\_image\_version. | `string` | `"0.20.4"` | no |
| [eso\_cluster\_nodes\_configuration](#input\_eso\_cluster\_nodes\_configuration) | Configuration to use to customise ESO deployment on specific cluster nodes. Setting appropriate values will result in customising ESO helm release. Default value is null to keep ESO standard deployment. | object({
nodeSelector = object({
label = string
value = string
})
tolerations = object({
key = string
operator = string
value = string
effect = string
})
}) | `null` | no |
| [eso\_enroll\_in\_servicemesh](#input\_eso\_enroll\_in\_servicemesh) | Flag to enroll ESO into istio servicemesh | `bool` | `false` | no |
| [eso\_image](#input\_eso\_image) | The External Secrets Operator image in the format of `[registry-url]/[namespace]/[image]`. | `string` | `"ghcr.io/external-secrets/external-secrets"` | no |
-| [eso\_image\_version](#input\_eso\_image\_version) | The version or digest for the external secrets image to deploy. If changing the value, ensure it is compatible with the chart version set in eso\_chart\_version. | `string` | `"v0.20.3-ubi@sha256:402a0d76880a095d7eec97e81a49a93096d256cf29941e842b22f8def7362c75"` | no |
+| [eso\_image\_version](#input\_eso\_image\_version) | The version or digest for the external secrets image to deploy. If changing the value, ensure it is compatible with the chart version set in eso\_chart\_version. | `string` | `"v0.20.4-ubi@sha256:f62f18055a1e0b3cad889e2837e6e14220a5119519e2bd213de583d98d5a7cc1"` | no |
| [eso\_namespace](#input\_eso\_namespace) | Namespace to create and be used to install ESO components including helm releases. | `string` | `null` | no |
| [eso\_pod\_configuration](#input\_eso\_pod\_configuration) | Configuration to use to customise ESO deployment on specific pods. Setting appropriate values will result in customising ESO helm release. Default value is {} to keep ESO standard deployment. Ignore the key if not required. | object({
annotations = optional(object({
# The annotations for external secret controller pods.
external_secrets = optional(map(string), {})
# The annotations for external secret cert controller pods.
external_secrets_cert_controller = optional(map(string), {})
# The annotations for external secret controller pods.
external_secrets_webhook = optional(map(string), {})
}), {})
labels = optional(object({
# The labels for external secret controller pods.
external_secrets = optional(map(string), {})
# The labels for external secret cert controller pods.
external_secrets_cert_controller = optional(map(string), {})
# The labels for external secret controller pods.
external_secrets_webhook = optional(map(string), {})
}), {})
}) | `{}` | no |
| [existing\_eso\_namespace](#input\_existing\_eso\_namespace) | Existing Namespace to be used to install ESO components including helm releases. | `string` | `null` | no |
diff --git a/common-dev-assets b/common-dev-assets
index 1df43f2..ae23e02 160000
--- a/common-dev-assets
+++ b/common-dev-assets
@@ -1 +1 @@
-Subproject commit 1df43f2daf97a529d05350408d32a12f50d89fbf
+Subproject commit ae23e021950779a9c0612e71ce51d074f14b7543
diff --git a/examples/all-combined/main.tf b/examples/all-combined/main.tf
index bcf02d8..3279379 100644
--- a/examples/all-combined/main.tf
+++ b/examples/all-combined/main.tf
@@ -186,7 +186,7 @@ module "network_acl" {
# OCP CLUSTER creation
module "ocp_base" {
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
- version = "3.66.0"
+ version = "3.67.3"
cluster_name = "${var.prefix}-vpc"
resource_group_id = module.resource_group.resource_group_id
region = var.region
@@ -231,7 +231,7 @@ data "ibm_cis" "cis_instance" {
module "vpes" {
source = "terraform-ibm-modules/vpe-gateway/ibm"
- version = "4.7.12"
+ version = "4.8.1"
count = var.service_endpoints == "private" ? 1 : 0
region = var.region
prefix = "vpe"
diff --git a/examples/all-combined/privatecertificate.tf b/examples/all-combined/privatecertificate.tf
index 3247258..0261cf7 100644
--- a/examples/all-combined/privatecertificate.tf
+++ b/examples/all-combined/privatecertificate.tf
@@ -13,7 +13,7 @@ locals {
# private certificate engine
module "secrets_manager_private_secret_engine" {
source = "terraform-ibm-modules/secrets-manager-private-cert-engine/ibm"
- version = "1.10.1"
+ version = "1.10.2"
secrets_manager_guid = local.sm_guid
region = local.sm_region
root_ca_name = var.pvt_ca_name != null ? var.pvt_ca_name : "pvt-${var.prefix}-project-root-ca"
diff --git a/examples/all-combined/publiccertificate.tf b/examples/all-combined/publiccertificate.tf
index f833761..4346d67 100644
--- a/examples/all-combined/publiccertificate.tf
+++ b/examples/all-combined/publiccertificate.tf
@@ -8,7 +8,7 @@
module "secrets_manager_public_cert_engine" {
count = (var.acme_letsencrypt_private_key != null || (var.acme_letsencrypt_private_key_sm_id != null && var.acme_letsencrypt_private_key_secret_id != null && var.acme_letsencrypt_private_key_sm_region != null)) ? 1 : 0
source = "terraform-ibm-modules/secrets-manager-public-cert-engine/ibm"
- version = "1.3.0"
+ version = "1.3.1"
secrets_manager_guid = local.sm_guid
region = local.sm_region
internet_services_crn = data.ibm_cis.cis_instance.id
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
index 73fa7a9..2b4c4e4 100644
--- a/examples/basic/main.tf
+++ b/examples/basic/main.tf
@@ -198,7 +198,7 @@ module "network_acl" {
# OCP CLUSTER creation
module "ocp_base" {
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
- version = "3.66.0"
+ version = "3.67.3"
cluster_name = "${var.prefix}-vpc"
resource_group_id = module.resource_group.resource_group_id
region = var.region
diff --git a/examples/trusted-profiles-authentication/main.tf b/examples/trusted-profiles-authentication/main.tf
index 5136c76..9f2807b 100644
--- a/examples/trusted-profiles-authentication/main.tf
+++ b/examples/trusted-profiles-authentication/main.tf
@@ -166,7 +166,7 @@ module "external_secrets" {
module "vpes" {
source = "terraform-ibm-modules/vpe-gateway/ibm"
- version = "4.7.12"
+ version = "4.8.1"
count = var.service_endpoints == "private" ? 1 : 0
region = var.region
prefix = "vpe"
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index 1e05337..f07a951 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -146,7 +146,7 @@ variable "eso_image" {
variable "eso_image_version" {
type = string
description = "The version or digest for the external secrets image to deploy. If changing the value, ensure it is compatible with the chart version set in eso_chart_version."
- default = "v0.20.3-ubi@sha256:402a0d76880a095d7eec97e81a49a93096d256cf29941e842b22f8def7362c75" # datasource: ghcr.io/external-secrets/external-secrets
+ default = "v0.20.4-ubi@sha256:f62f18055a1e0b3cad889e2837e6e14220a5119519e2bd213de583d98d5a7cc1" # datasource: ghcr.io/external-secrets/external-secrets
nullable = false
validation {
condition = can(regex("(^v\\d+\\.\\d+.\\d+(\\-\\w+)?(\\@sha256\\:\\w+){0,1})$", var.eso_image_version))
@@ -164,7 +164,7 @@ variable "eso_chart_location" {
variable "eso_chart_version" {
type = string
description = "The version of the External Secrets Operator Helm chart. Ensure that the chart version is compatible with the image version specified in eso_image_version."
- default = "0.20.3" # registryUrl: charts.external-secrets.io
+ default = "0.20.4" # registryUrl: charts.external-secrets.io
nullable = false
}
diff --git a/tests/existing-resources/main.tf b/tests/existing-resources/main.tf
index 549c41e..032a8cc 100644
--- a/tests/existing-resources/main.tf
+++ b/tests/existing-resources/main.tf
@@ -184,7 +184,7 @@ module "network_acl" {
# OCP CLUSTER creation
module "ocp_base" {
source = "terraform-ibm-modules/base-ocp-vpc/ibm"
- version = "3.66.0"
+ version = "3.67.3"
cluster_name = "${var.prefix}-vpc"
resource_group_id = module.resource_group.resource_group_id
region = var.region
diff --git a/tests/go.mod b/tests/go.mod
index c92c30a..cce37cc 100644
--- a/tests/go.mod
+++ b/tests/go.mod
@@ -5,7 +5,7 @@ go 1.24.0
toolchain go1.25.3
require (
- github.com/gruntwork-io/terratest v0.51.0
+ github.com/gruntwork-io/terratest v0.52.0
github.com/stretchr/testify v1.11.1
github.com/terraform-ibm-modules/ibmcloud-terratest-wrapper v1.60.17
gopkg.in/yaml.v3 v3.0.1
diff --git a/tests/go.sum b/tests/go.sum
index 5bf5a14..00c05e4 100644
--- a/tests/go.sum
+++ b/tests/go.sum
@@ -256,8 +256,8 @@ github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5T
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
github.com/gruntwork-io/go-commons v0.8.0 h1:k/yypwrPqSeYHevLlEDmvmgQzcyTwrlZGRaxEM6G0ro=
github.com/gruntwork-io/go-commons v0.8.0/go.mod h1:gtp0yTtIBExIZp7vyIV9I0XQkVwiQZze678hvDXof78=
-github.com/gruntwork-io/terratest v0.51.0 h1:RCXlCwWlHqhUoxgF6n3hvywvbvrsTXqoqt34BrnLekw=
-github.com/gruntwork-io/terratest v0.51.0/go.mod h1:evZHXb8VWDgv5O5zEEwfkwMhkx9I53QR/RB11cISrpg=
+github.com/gruntwork-io/terratest v0.52.0 h1:7+I3FqEImowIajZ9Qyo5ngr7n2AUINJko6x+KzlWNjU=
+github.com/gruntwork-io/terratest v0.52.0/go.mod h1:y2Evi+Ac04QpzF3mbRPqrBjipDN7gjqlw6+OZoy2vX4=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
diff --git a/variables.tf b/variables.tf
index 2c85672..42f20f9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -77,7 +77,7 @@ variable "eso_image" {
variable "eso_image_version" {
type = string
description = "The version or digest for the external secrets image to deploy. If changing the value, ensure it is compatible with the chart version set in eso_chart_version."
- default = "v0.20.3-ubi@sha256:402a0d76880a095d7eec97e81a49a93096d256cf29941e842b22f8def7362c75" # datasource: ghcr.io/external-secrets/external-secrets
+ default = "v0.20.4-ubi@sha256:f62f18055a1e0b3cad889e2837e6e14220a5119519e2bd213de583d98d5a7cc1" # datasource: ghcr.io/external-secrets/external-secrets
nullable = false
validation {
condition = can(regex("(^v\\d+\\.\\d+.\\d+(\\-\\w+)?(\\@sha256\\:\\w+){0,1})$", var.eso_image_version))
@@ -95,7 +95,7 @@ variable "eso_chart_location" {
variable "eso_chart_version" {
type = string
description = "The version of the External Secrets Operator Helm chart. Ensure that the chart version is compatible with the image version specified in eso_image_version."
- default = "0.20.3" # registryUrl: charts.external-secrets.io
+ default = "0.20.4" # registryUrl: charts.external-secrets.io
nullable = false
}