Releases: terraform-ibm-modules/terraform-ibm-external-secrets-operator
v2.0.0
2.0.0 (2025-06-03)
Updates
BREAKING CHANGES
Because of the upgrades to the external-secrets operator image (already upgraded from v0.16.2-ubi to v0.17.0-ubi with module version 1.4.2) and to the helm chart (from v0.16.2 to v0.17.0), existing deployments on terraform-ibm-external-secrets-operator version v1.4.3 or below are strongly advised to perform a two-step upgrade to avoid issues:
- First step: upgrade terraform-ibm-external-secrets-operator to version v1.5.0, which includes the ESO Custom Resource definitions update. This update takes care of upgrading all the CRs deployed in your deployment.
- Second step: upgrade terraform-ibm-external-secrets-operator to version v2.0.0, which includes the new external-secrets operator helm chart version (from v0.16.2 to v0.17.0).
Options available when the two-step upgrade was not followed:
(Note: both options listed below will destroy your ESO Custom Resources definitions, which means your secrets won't be synced with Secrets Manager until your deployment is fully restored. Please consider the potential disruption to your service before going through either of them.)
Existing deployment upgrade from v1.4.3 or below to v2.0.0 in one shot
If you need to jump from v1.4.3 or below to v2.0.0 without going through the suggested two-step upgrade, you can do so without errors by first destroying all the ESO custom resources (clustersecretstore, secretstore, externalsecret) deployed in your cluster through explicit terraform destroy -target [resource address]. To double check that all of them are destroyed, list the helm releases deployed into your cluster by this module: only the ESO operator helm release and, optionally, the stakater reloader one are expected to be present. Once all the ESO Custom Resources are destroyed, you can upgrade this module to version v2.0.0 using the original terraform template: this will restore your previous deployment with the new CR definitions.
Troubleshooting existing deployments when mandatory versions were skipped
Given that the new helm chart version v0.17.0 doesn't support the CR definitions deployed with this module version v1.4.3 and below, we strongly discourage upgrading from a version prior to v1.4.2 to v2.0.0 without going through v1.4.2/v1.4.3 and then v1.5.0: by skipping the mentioned versions your ESO resources deployment will experience disruption and it will be impossible to perform a further upgrade of the module.
In such a case you will need to explicitly destroy each ESO custom resource for cluster secret store, secret store and external secrets through terraform destroy -target [resource address]. In all the cases where their deletion fails (expected behaviour), you will need to manually delete the corresponding helm release using the helm CLI. When this operation is over, the only helm releases deployed by this module in your cluster must be the ESO operator helm release and, optionally, the stakater reloader one. Once these resources are cleaned up, you can apply the previous terraform template again; this will restore your previous deployment with the new CR definitions.
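The cleanup used by both options above can be prepared and checked with two small shell helpers. This is an added example, not part of the module or its release notes; the address regex and the release names passed to the helpers are placeholders, since the page does not give the module's resource addresses or helm release names.

```shell
#!/bin/sh
# Added example. Every address, regex and release name used with these
# helpers is a placeholder: read the real ones from your own state and cluster.

# stdin: output of `terraform state list`
# $1:    extended regex selecting the ESO custom resource addresses
# Prints one `terraform destroy -target` command per matching address so the
# list can be reviewed before anything is destroyed.
destroy_commands() {
  grep -E -- "$1" | sed "s/.*/terraform destroy -target='&'/"
}

# stdin: output of `helm list --all-namespaces --short`
# args:  release names expected to remain (operator, optionally reloader)
# Prints every other release, i.e. what still has to be cleaned up.
leftover_releases() {
  allowed=" $* "
  while IFS= read -r rel; do
    [ -n "$rel" ] || continue
    case "$allowed" in
      *" $rel "*) ;;                  # expected release, ignore
      *) printf '%s\n' "$rel" ;;      # still deployed
    esac
  done
}

# Usage (placeholders in capitals):
#   terraform state list | destroy_commands 'ESO_CR_ADDRESS_REGEX'
#   helm list --all-namespaces --short | leftover_releases OPERATOR_RELEASE RELOADER_RELEASE
```

Helm releases in the cluster that were not deployed by this module also show up as leftovers; add them to the allowlist or narrow the helm listing to the namespaces this module uses.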