Image: ghcr.io/external-secrets/external-secrets:v0.18.0
NOTE - the following UBI images are not currently working (broken build process).
Image: ghcr.io/external-secrets/external-secrets:v0.18.0-ubi
Image: ghcr.io/external-secrets/external-secrets:v0.18.0-ubi-boringssl

Potential Breaking Changes

This version includes a massive refactor of the AWS providers. Now, they are finally using V2 and thus opened some regions and are more maintainable. Massive thanks goes to @Ilhan-Personal for this work. We really appreciate all the effort that went into this. Thank you!

Further update has been done to 1Password provider SDK. Now, GetSecretMap functions the same way as 1Password connect. Which is that it uses extract to filter for files or other values.

What's Changed

• chore: update helm charts v0.17.0 by @Skarlso in #4780
• fix: release check output is not a string by @Skarlso in #4782
• docs: Fix formatting in Deprecation Policy notes by @kingdonb in #4791
• chore(deps): bump mkdocs-material from 9.6.13 to 9.6.14 in /hack/api-docs by @dependabot in #4793
• chore(deps): bump pyyaml-env-tag from 1.0 to 1.1 in /hack/api-docs by @dependabot in #4794
• chore(deps): bump fossas/fossa-action from 1.6.0 to 1.7.0 by @dependabot in #4795
• chore(deps): bump codecov/codecov-action from 5.4.2 to 5.4.3 by @dependabot in #4796
• chore(deps): bump anchore/sbom-action from 0.19.0 to 0.20.0 by @dependabot in #4797
• chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot in #4798
• chore(deps): bump distroless/static from 3d0f463 to d9f9472 by @dependabot in #4800
• chore: update dependencies by @eso-service-account-app in #4803
• fix: unused delimiter settings by @Skarlso in #4807
• fix: allows result.jsonpath to be templated on datafrom calls by @gusfcarvalho in #4808
• fix: Support for Non-json secret fetched from Delinea SecretServer by @DelineaSahilWankhede in #4743
• feat: add MFA token generator Generator by @Skarlso in #4790
• chore: add metadata labels to Dockerfiles by @rowanruseler in #4811
• chore(deps): bump golang from ef18ee7 to ef18ee7 by @dependabot in #4799
• fix: generator state controller trying to delete twice by @msfernandes in #4806
• fix: mfa generator length is too much and optional by @Skarlso in #4813
• fix: fix (again) helm release) by @gusfcarvalho in #4820
• chore: bump 0.17.1-rc1 by @gusfcarvalho in #4822
• chore(deps): Update bitwarden-sdk-server helm dependency by @yasn77 in #4831
• chore: update dependencies by @eso-service-account-app in #4836
• fix: generator state for pushsecrets by @gusfcarvalho in #4842
• migrate aws secretsmanager and aws parameter store to go sdk v2 by @Ilhan-Personal in #4484
• fix: set klog to logger for client-go by @Skarlso in #4818
• fix: gcp regional push should have no replications by @gusfcarvalho in #4815
• fix: e2e tests by @gusfcarvalho in #4847
• feat(aws): Enable setting custom endpoints for AWS ECR for ECRAuthori… by @mtweten in #4821
• fix: add mutex for thread safety in ProviderOnePassword methods by @bo0tzz in #4839
• chore(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot in #4858
• chore(deps): bump golang from 89a04cc to 29d9726 in /e2e by @dependabot in #4859
• chore(deps): bump alpine from 3.21.3 to 3.22.0 in /e2e by @dependabot in #4860
• chore(deps): bump alpine from a8560b3 to 8a1f59f by @dependabot in #4861
• chore(deps): bump golang from ef18ee7 to b4f875e by @dependabot in #4862
• chore(deps): bump alpine from 3.21 to 3.22 in /hack/api-docs by @dependabot in #4863
• chore(deps): bump zipp from 3.21.0 to 3.22.0 in /hack/api-docs by @dependabot in #4864
• chore(deps): bump tornado from 6.4.2 to 6.5.1 in /hack/api-docs by @dependabot in #4865
• typo fix by @dwgrth in #4853
• fix: pdb spec rendering issue by @linusyong in #4844
• docs: fix: AWS ECR Generator by @yo-ga in #4868
• fix: keepersecurity support for shortcuts by @ppodevlabs in #4825
• Revert "fix: keepersecurity support for shortcuts" by @Skarlso in #4870
• fix: Chart: Allow percentage on PDBs by @achetronic in #4852
• fix: one-password-connect is a read-write store by @Skarlso in #4869
• Fix gcloud invocation in google-secrets-manager.md by @mkmik in #4874
• docs: enhance the example of PushSecret/ClusterPushSecret by @aabouzaid in #4872
• fix: oci helm release gha by @gusfcarvalho in #4887
• chore(deps): bump ubi8/ubi from 244e985 to 0c1757c by @dependabot in #4879
• chore(deps): bump golang from 1.24.3 to 1.24.4 by @dependabot in #4880
• fix: leaving out managed id is not an invalid config by @Skarlso in #4890
• chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.31.0 by @dependabot in #4881
• chore(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot in #4882
• chore(deps): bump zipp from 3.22.0 to 3.23.0 in /hack/api-docs by @dependabot in #4883
• chore(deps): bump golang from 1.24.3-bookworm to 1.24.4-bookworm in /e2e by @dependabot in #4884
• chore: update dependencies by @eso-service-account-app in #4886
• Gc/feat/ibm custom credentials by @gusfcarvalho in #4899
• fix: helm release running always by @gusfcarvalho in #4898
• feat: have parity with 1Password connect service for GetSecretMap by @Skarlso in #4895
• chore: upgrade go from 1.24.2 to 1.24.4 by @riccardomc in #4910
• [OnePasswordSDKProvider] Enable specifying the vault by UUID by @pollenjp in #4906
• chore: bump 0.18.0-rc1 by @gusfcarvalho in #4923
• chore: test a change on charts to see no new oci release by @gusfcarvalho in #4924
• fix: group variables not taking account of environments by @gusfcarvalho in #4928
• chore(deps): bump golang from 9716267 to ee7ff13 in /e2e by @dependabot in #4911
• chore(deps): bump golang from 68932fa to 68932fa by @dependabot in #4912
• chore(deps): bump distroless/static from d9f9472 to b7b9a69 by @dependabot in #4913
• chore(deps): bump requests from 2.32.3 to 2.32.4 in /hack/api-docs by @dependabot in #4914
• chore(deps): bump certifi from 2025.4.26 to 2025.6.15 in /hack/api-docs by @dependabot in #4915
• chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot in #4916
• chore(deps): bump softprops/action-gh-release from 2.2.2 to 2.3.2 by @dependabot in #4917
• chore(deps): bump step-security/harden-runner from 2.12.0 to 2.12.1 by @dependabot in #4918
• chore(deps): bump actions/attest-build-provenance from 2.3.0 to 2.4.0 by @dependabot in #4919
• chore(deps): bump anchore/sbom-action from 0.20.0 to 0.20.1 by @dependabot in #4920
• chore: update dependencies by @eso-service-account-app in #4922

New Contributors

• @kingdonb made their first contribution in #4791
• @DelineaSahilWankhede made their first contribution in #4743
• @msfernandes made their first contribution in #4806
• @yasn77 made their first contribution in #4831
• @Ilhan-Personal made their first contribution in #4484
• @mtweten made their first contribution in #4821
• @bo0tzz made their first contribution in #4839
• @dwgrth made their first contribution in #4853
• @linusyong made their first contribution in #4844
• @yo-ga made their first contribution in #4868
• @mkmik made their first contribution in #4874
• @aabouzaid made their first contribution in #4872
• @riccardomc made their first contribution in #4910
• @pollenjp made their first contribution in #4906

Full Changelog: v0.17.0...v0.18.0