Update Helm release external-secrets to v0.18.1 (main) (!4419) · Merge requests · Sylva-projects / sylva-core

This MR contains the following updates:

Package	Update	Change
external-secrets	minor	`0.16.2` -> `0.18.1`

Release Notes

external-secrets/external-secrets (external-secrets)

`v0.18.1`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.18.1 Image: ghcr.io/external-secrets/external-secrets:v0.18.1-ubi Image: ghcr.io/external-secrets/external-secrets:v0.18.1-ubi-boringssl

What's Changed

chore: release helm chart for v0.18.0 by @Skarlso in https://github.com/external-secrets/external-secrets/pull/4932
Fix missing region error with defaultJWTProvider by @Ilhan-Personal in https://github.com/external-secrets/external-secrets/pull/4940
feat: introduce secret rewrite merge operation by @riccardomc in https://github.com/external-secrets/external-secrets/pull/4894
chore(deps): bump sigstore/cosign-installer from 3.8.2 to 3.9.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/4942
chore(deps): bump pymdown-extensions from 10.15 to 10.16 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/4943
chore(deps): bump docker/setup-buildx-action from 3.10.0 to 3.11.1 by @dependabot in https://github.com/external-secrets/external-secrets/pull/4944
chore(deps): bump pygments from 2.19.1 to 2.19.2 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/4945
chore(deps): bump ubi8/ubi from 0c1757c to 19eae3d by @dependabot in https://github.com/external-secrets/external-secrets/pull/4946
chore(deps): bump markdown from 3.8 to 3.8.2 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/4947
fix: wrong info on refresh policies by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4951
fix: fqdn to allow secret names bigger than 92 characters by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4955
fix: creation policy orphan now does not react to secret updates by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4956

Full Changelog: https://github.com/external-secrets/external-secrets/compare/v0.18.0...v0.18.1

`v0.18.0`

Compare Source

Image: ghcr.io/external-secrets/external-secrets:v0.18.0 Image: ghcr.io/external-secrets/external-secrets:v0.18.0-ubi Image: ghcr.io/external-secrets/external-secrets:v0.18.0-ubi-boringssl

Potential Breaking Changes

This version includes a massive refactor of the AWS providers. Now, they are finally using V2 and thus opened some regions and are more maintainable. Massive thanks goes to @Ilhan-Personal for this work. We really appreciate all the effort that went into this. Thank you!

Further update has been done to 1Password provider SDK. Now, GetSecretMap functions the same way as 1Password connect. Which is that it uses extract to filter for files or other values.

Image: ghcr.io/external-secrets/external-secrets:v0.17.0 Image: ghcr.io/external-secrets/external-secrets:v0.17.0-ubi Image: ghcr.io/external-secrets/external-secrets:v0.17.0-ubi-boringssl

BREAKING CHANGE

v0.17.0 Stops serving v1beta1 apis. You need to update your manifests from v1beta1 to v1 prior to updating from v0.16 to v0.17.

The only change needed is upgrading your manifests to v1 (i.e. removing the beta1 from v1beta1).

Be sure to do that to all your manifests prior to bumping to v0.17.0! v0.16.2 already supports v1 so this process should be smooth.

What's Changed

chore: update helm charts v0.16.2 by @Skarlso in https://github.com/external-secrets/external-secrets/pull/4748
fix: typo on delete method for repo by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4750
fix: Show Errors from Github by @Alexander-Cairns in https://github.com/external-secrets/external-secrets/pull/4753
doc(openbao): add information about it working with vault provider by @eyenx in https://github.com/external-secrets/external-secrets/pull/4755
Gc/fix/gcp pushsecret location replication by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4751
chore: unserve v1beta1 and mark it as deprecated by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4758
fix: not releasing helm charts when its already released by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4771
fix: remove comment from helm by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4772
infisical: support secrets within paths for data references by @lgo in https://github.com/external-secrets/external-secrets/pull/4305
chore(deps): bump pyyaml-env-tag from 0.1 to 1.0 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/4761
chore(deps): bump platformdirs from 4.3.7 to 4.3.8 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/4762
chore(deps): bump mkdocs-material from 9.6.12 to 9.6.13 in /hack/api-docs by @dependabot in https://github.com/external-secrets/external-secrets/pull/4763
chore(deps): bump golang from 1.24.2 to 1.24.3 by @dependabot in https://github.com/external-secrets/external-secrets/pull/4764
chore(deps): bump golang from 1.24.2-bookworm to 1.24.3-bookworm in /e2e by @dependabot in https://github.com/external-secrets/external-secrets/pull/4765
chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/4766
Cache separate vault clients for each namespace if necessary by @ChristianCiach in https://github.com/external-secrets/external-secrets/pull/4706
chore(deps): bump dependabot/fetch-metadata from 2.3.0 to 2.4.0 by @dependabot in https://github.com/external-secrets/external-secrets/pull/4768
feat: improve code integration api by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4777
chore: update dependencies by @eso-service-account-app in https://github.com/external-secrets/external-secrets/pull/4770
chore(deps): bump actions/dependency-review-action from 67d4f4b to 8805179 by @dependabot in https://github.com/external-secrets/external-secrets/pull/4767
fix: adds releases to stability and support by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4776
Update docs/example for ECR token generator by @Moulick in https://github.com/external-secrets/external-secrets/pull/4773
feat: add 1Password SDK based provider by @Skarlso in https://github.com/external-secrets/external-secrets/pull/4628
chore: updates stability support for 0.17.0 by @gusfcarvalho in https://github.com/external-secrets/external-secrets/pull/4779
fix: update provider examples to use apiVersion external-secrets.io/v1 by @rowanruseler in https://github.com/external-secrets/external-secrets/pull/4757

New Contributors

@Alexander-Cairns made their first contribution in https://github.com/external-secrets/external-secrets/pull/4753
@eyenx made their first contribution in https://github.com/external-secrets/external-secrets/pull/4755
@ChristianCiach made their first contribution in https://github.com/external-secrets/external-secrets/pull/4706
@Moulick made their first contribution in https://github.com/external-secrets/external-secrets/pull/4773
@rowanruseler made their first contribution in https://github.com/external-secrets/external-secrets/pull/4757

Full Changelog: https://github.com/external-secrets/external-secrets/compare/v0.16.2...v0.17.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot Sylva instance.

CI configuration couldn't be handle by MR description. A dedicated comment has been posted to control it.

If no checkbox is checked, a default pipeline will be enabled (capm3, or capo if capo label is set)

CI configuration

Below you can choose test deployment variants to run in this MR's CI.

Click to open to CI configuration

Legend:

Icon	Meaning	Available values
☁️	Infra Provider	`capd`, `capo`, `capm3`
🚀	Bootstrap Provider	`kubeadm` (alias `kadm`), `rke2`
🐧	Node OS	`ubuntu`, `suse`
🛠️	Deployment Options	`light-deploy`, `dev-sources`, `ha`, `misc`, `maxsurge-0`, `logging`, `no-logging`
🎬	Pipeline Scenarios	Available scenario list and description

Global config for deployment pipelines

autorun pipelines
allow failure on pipelines
record sylvactl events

Notes:

Enabling autorun will make deployment pipelines to be run automatically without human interaction
Disabling allow failure will make deployment pipelines mandatory for pipeline success.
if both autorun and allow failure are disabled, deployment pipelines will need manual triggering but will be blocking the pipeline

Be aware: after configuration change, pipeline is not triggered automatically. Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.

Edited Jul 02, 2025 by Dragos Gerea

Update Helm release external-secrets to v0.18.1 (main)

Release Notes

v0.18.1

What's Changed

v0.18.0

Potential Breaking Changes

What's Changed

New Contributors

v0.17.0

BREAKING CHANGE

What's Changed

New Contributors

Configuration

CI configuration

Global config for deployment pipelines

Merge request reports

`v0.18.1`

`v0.18.0`

`v0.17.0`